Re: Group password reset

From: Byron Hynes [MS] (bhynes_at_online.microsoft.com)
Date: 10/01/05

  • Next message: Patrick Dickey: "Question about download blockers and Parental Controls..."
    Date: Fri, 30 Sep 2005 23:51:25 -0700
    
    

    A few options come to mind:

     1. Set the domain password policies to expire passwords in 1 week (turn
    this policy off after 6 days). This will catch most people; do the few who
    are out of the office manually.

     2. Create a logon script that checks the last time it was run; if it hasn't
    run before, then use the script to fire off a command like "net user BillG
    * /domain" to change the user's password, like this:

      C:\Documents and Settings\bph>net user bph *
      Type a password for the user:
      Retype the password to confirm:
      The command completed successfully.

    [Note that isn't a domain account]

     3. Create a logon script similar to the above, but use ADSI.

    Byron Hynes
    Windows Server
    Microsoft Corporation

    http://spaces.msn.com/members/byronphynes

    > No, it's W2K.
    >
    > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
    > news:P7mdnZ_okPZF9KHeRVn-iw@comcast.com...
    >
    >> Do you have a Windows 2003 domain controller?? --- Steve
    >>
    >> "Jon LaBarge" <jonlabarge@comcast.net> wrote in message
    >> news:eJhYrNUxFHA.628@TK2MSFTNGP10.phx.gbl...
    >>
    >>> Sigh....
    >>>
    >>> Alas, the group select option will not work.
    >>>
    >>> "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in
    >>> message news:3d6dnUWf9-NcyKHeRVn-uQ@comcast.com...
    >>>
    >>>> If you have a Windows 2003 domain controller you can do that with
    >>>> Active Directory Users and Computers. I believe you highlight all
    >>>> the user accounts, select properties, and then select user must
    >>>> change password at next logon. I am going by memory so it may be a
    >>>> little more complicated [not much] than that but that should get
    >>>> you started in the general direction. You can also use the AD
    >>>> command line tools for dsquery for user and dsmod for users of
    >>>> which you can pipe the results from dsquery to dsmod. Use | between
    >>>> two commands with space before and after to pipe. If you have a
    >>>> Windows 2000 domain you still can use the AD command line tools if
    >>>> you install adminpak for Windows 2003 [free download from MS] onto
    >>>> a Windows XP Pro domain computer and logon as a domain
    >>>> administrator or use runas for those tools.
    >>>>
    >>>> You might want to rethink doing all the accounts in one day. Maybe
    >>>> do a fourth or so the first day to see how it goes so as to not
    >>>> flood support with calls. Be sure users are educated as to what the
    >>>> requirements are for new passwords with specific examples. You
    >>>> might be surprised to find out how hard users find this to be. ---
    >>>> Steve
    >>>>
    >>>> http://www.ss64.com/nt/dsmod.html -- dsmod example.
    >>>>
    >>>> "Jon LaBarge" <jonlabarge@comcast.net> wrote in message
    >>>> news:e%23vqG0SxFHA.612@TK2MSFTNGP10.phx.gbl...
    >>>>
    >>>>> Is there a way to force all users in AD to reset their password at
    >>>>> the next logon without having to do each account 1 by 1? We have
    >>>>> implemented PassFilt Pro SPE and I would like for all users to
    >>>>> change their passwords to meet the new complexity requirements on
    >>>>> the go-live day. Any suggestions?
    >>>>>
    >>>>> Thx,
    >>>>>
    >>>>> Jon
    >>>>>
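
The ADSI approach mentioned in the thread, as an added example that is not part of any poster's message: a PowerShell script that sets `pwdLastSet` to 0 (the attribute value behind "user must change password at next logon") for the users in one OU, in capped batches as suggested in the quoted advice. The OU path, the batch size and the use of PowerShell on a domain-joined admin workstation are assumptions.

```powershell
# Added example: flag users in one OU as "must change password at next logon" via ADSI.
# Placeholder values (not from the thread): the OU path below and the batch size.
param(
    [string]$SearchBase = 'LDAP://OU=Staff,DC=example,DC=com',  # placeholder DN
    [int]$BatchSize = 50,   # cap per run so the help desk is not flooded
    [switch]$Apply          # without -Apply the script only reports
)

$UF_ACCOUNTDISABLE     = 0x0002    # userAccountControl bit: account disabled
$UF_DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl bit: password never expires

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]$SearchBase
# User objects that are not already flagged (pwdLastSet=0 means "must change")
$searcher.Filter = '(&(objectCategory=person)(objectClass=user)(!(pwdLastSet=0)))'
$searcher.PageSize = 500
[void]$searcher.PropertiesToLoad.AddRange([string[]]@('sAMAccountName', 'userAccountControl'))

$done = 0
foreach ($result in $searcher.FindAll()) {
    if ($done -ge $BatchSize) { break }
    $name = [string]$result.Properties['samaccountname'][0]
    $uac  = [int]$result.Properties['useraccountcontrol'][0]

    if ($uac -band $UF_ACCOUNTDISABLE) { continue }   # ignore disabled accounts
    if ($uac -band $UF_DONT_EXPIRE_PASSWD) {
        # Typically service accounts; report them instead of changing them
        Write-Output "SKIP  $name (password never expires is set; review by hand)"
        continue
    }
    if ($Apply) {
        $user = $result.GetDirectoryEntry()
        $user.Put('pwdLastSet', 0)   # force change at next logon
        $user.SetInfo()              # write the change to the directory
        Write-Output "SET   $name"
    } else {
        Write-Output "WOULD $name"
    }
    $done++
}
Write-Output "$done account(s) processed."
```

Run it without `-Apply` first to review the list. After an `-Apply` run, the filter excludes accounts that are already flagged, so the next run picks up the next batch.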

