Re: Force Password Changes in mixed mode A/D

From: Robert Cohen (rcohen@bbhtx.org)
Date: 04/16/03 

From: "Robert Cohen" <rcohen@bbhtx.org>
Date: Wed, 16 Apr 2003 15:15:47 -0400

I just read that. However, I know in my organization, everyone's password
expires after 30 days but I was able to make my password never expire in
active directory.

now I do know if a VB script you can change everyone's password properties
in an OU. For example, below would change everyone's homedrive in the OU of
Staff to H:

Set ObjOU= GetObject ("LDAP://ou=staff,DC=baltimorebehavioralhealth,DC=org")
For Each ObjUser In ObjOU
objUser.homeDrive, "H:"
ObjUser.SetInfo
next

I don't know however if you could do (but I do know for that to work, the
value of MaxPasswordAge needs to be converted- I am not sure what the value
represents):

Set ObjOU= GetObject ("LDAP://ou=staff,DC=baltimorebehavioralhealth,DC=org")
For Each ObjUser In ObjOU
objUser.MaxPasswordAge = 30
ObjUser.SetInfo
next

"DJM" <djmiller@mm2k.net> wrote in message
news:018b01c30445$3dea36c0$a301280a@phx.gbl...
> In article 255550, it states that it can be done at the
> Domain level, but then anything beneath it will be
> considered a local policy and be for the local accounts.
> How can I implement a password change by Unit without
> enforcing for all of the Domain Users at once? Will the
> Global Policy at the Unit level be for the Domain account
> or the Local account which isn't used?
>
> >-----Original Message-----
> >you set it in Group Policy
> >
> >"Dan" <djmiller@mm2k.net> wrote in message
> >news:00c201c30440$149939b0$a401280a@phx.gbl...
> >> Is is possible to force domain users to change their
> >> passwords every x days? If so, how? I've searched
> >> within the A/D Users and Computers and find no
> reference
> >> to this.
> >
> >
> >.
> >

Relevant Pages

  • Re: Password Policy
    ... You minimum password age is badly high. ... Steve Riley wrote an excellent article on why password complexity is not so ... allowed to change their password before it expires. ... You can circumvant a bit the password policy by having 'password never ...
    (microsoft.public.windows.group_policy)
  • Re: Password expires for no apparent reason
    ... do not know if the policy was set and then cahnged to 'not defined'. ... the minimum password age is there to prevent users from blowing ... As Harj said Account lockouts could potentially be a problem as perhaps ... Password expires for no apparent reason ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password never expires-cant force user to change password
    ... I'm just not a very good script writer and am not very confident. ... > password policy other than the fact that instead of thinking that UserA has ... > 90 days until their password expires, after you run the script UserA's ... >> expiration dates are staggered by department. ...
    (microsoft.public.windows.server.active_directory)
  • Re: password policy by organizational unit
    ... and created accounts and set thepolicyin the OU to 10 characters. ... other 2 options are to purchase a 3rd party tool and keep one domain ... users have the strict policy of minimum length and change every 40 ... to password never expires, and the rest change according to the group ...
    (microsoft.public.windows.group_policy)
  • Re: /sigh/ Latops in a domain...
    ... The password never expires option violates our Sarbanes-Oxley ... my understanding of this issue is: The laptop users cannot ... > access the file share via VPN due to their password expiration. ... > policy similar with "Password never expires" on this Group. ...
    (microsoft.public.windowsxp.configuration_manage)