Re: user password group policy
- From: "Greg Stigers" <gregstigers+msnews@xxxxxxxxxxx>
- Date: Tue, 14 Oct 2008 09:42:58 -0400
You can use dsquery piped into dsmod to modify this attribute of the
dsquery-selected users.
If, for instance, these users all happen to be in some nested OU (inside
another middle OU which is inside a higher OU off the domain root) within a
given domain:
dsquery user
OU=lowest,OU=middle,OU=highest,DC=discussions,DC=microsoft,DC=com|dsget
user -samid -pwdneverexpires:no
will set this value for all the users in that OU.
Of course, use dsquery by itself first to make sure that you are getting the
users whose is over the number of days you have in mind, such as:
dsquery user -stalepwd <NumDays>
which may or may not be the same set, depending on how you handle "old"
accounts. -inactive <NumWeeks> can at least help with this list of users
whose passwords are old, because they are no longer logging it. Note that
using dsmod to set -mustchpwd seems to set their password age to zero, which
is one trick for sequestering users who are gone but not forgotten.
Searching the web on "dsquery dsget" should give you examples aplenty.
Including pwdneverexpires in the search may or may not help. But you really
don't want to discover in n days that suddenly several of your services
aren't running, because your dsmod reset the pwdneverexpires flag to no for
service accounts, and you didn't know it. Tread carefully. Measure twice.
Cut once.
______
Greg Stigers, MCSE
remember to vote for the answers you like
.
- Follow-Ups:
- Re: user password group policy
- From: Chris
- Re: user password group policy
- References:
- user password group policy
- From: Chris
- user password group policy
- Prev by Date: Re: dcpromo problem in a new site
- Next by Date: Re: export account details from an OU
- Previous by thread: Re: user password group policy
- Next by thread: Re: user password group policy
- Index(es):
Relevant Pages
|
