Re: Group password reset

From: Jon LaBarge (jonlabarge_at_comcast.net)
Date: 09/30/05 

Date: Thu, 29 Sep 2005 15:13:02 -0700

Also, the dsmod is my best bet but I still need the LDAP info for each user
that I want to change so my command line would be about 500 rows long.

I think 1 by 1 is the way it's gonna have to happen. Or, I can just wait
till their current PW expires and they will have to change it then.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:3d6dnUWf9-NcyKHeRVn-uQ@comcast.com...
> If you have a Window 2003 domain controller you can do that with Active
> Directory Users and Computers. I believe you highlight all the user
> accounts, select properties, and then select user must change password at
> next logon. I am going by memory so it may be a little more complicated
> [not much] than that but that should get you started in the general
> direction. You can also use the AD command line tools for dsquery for user
> and dsmod for users of which you can pipe the results from dsquery to
> dsmod. Use | between two commands with space before and after to pipe. If
> you have a Windows 2000 domain you still can use the AD command line tools
> if you install adminpak for Windows 2003 [free download from MS] onto a
> Windows XP Pro domain computer and logon as a domain administrator or use
> runas for those tools.
>
> You might want to rethink doing all the accounts in one day. Maybe do a
> fourth or so the first day to see how it goes so as to not flood support
> with calls. Be sure users are educated as to what the requirements are for
> new passwords with specific examples. You might be surprised to find out
> how hard users find this to be. --- Steve
>
> http://www.ss64.com/nt/dsmod.html -- dsmod example.
>
> "Jon LaBarge" <jonlabarge@comcast.net> wrote in message
> news:e%23vqG0SxFHA.612@TK2MSFTNGP10.phx.gbl...
>> Is there a way to force all users in AD to reset their password at the
>> next logon without having to do each account 1 by 1? We have implemented
>> PassFilt Pro SPE and I would like for all user to change their passwords
>> to meet the new complexity requirements on the go-live day. Any
>> suggestions?
>>
>> Thx,
>>
>> Jon
>>
>
>

Relevant Pages

  • Re: Group password reset
    ... Support guy. ... You can also use the AD command line tools for dsquery for user ... > you have a Windows 2000 domain you still can use the AD command line tools ... > Windows XP Pro domain computer and logon as a domain administrator or use ...
    (microsoft.public.security)
  • Re: Resetting "Password never expires" for all
    ... If you have a Windows 2003 domain controller you can do multiple accounts at ... do what you want with the dsquery and dsmod command line tools. ...
    (microsoft.public.win2000.security)
  • Re: bulk import LDIF file to modify users password, Windows 2003
    ... Piping for dsmod can be done as well. ... criteria and pipe that to the dsmod command so that you ... "Scott Lowe" wrote: ... Create a list of the DNs for the user accounts (I used LDIFDE to ...
    (microsoft.public.windows.server.active_directory)
  • Re: Group password reset
    ... > Directory Users and Computers. ... You can also use the AD command line tools for dsquery for user ... > you have a Windows 2000 domain you still can use the AD command line tools ... > Windows XP Pro domain computer and logon as a domain administrator or use ...
    (microsoft.public.security)
  • Re: bulk import LDIF file to modify users password, Windows 2003
    ... If the user passwords are variable per user, ... Otherwise a simple two line dsquery | dsmod negates the ldif export \ ... criteria and pipe that to the dsmod command so that you ... "Scott Lowe" wrote: ...
    (microsoft.public.windows.server.active_directory)