Re: Resetting "Password never expires" for all
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 11/23/05
- Next message: Gijtech: "Re: User locked out with event 537 under type 11 logon"
- Previous message: Steven L Umbach: "Re: browse directory"
- Maybe in reply to: Steven L Umbach: "Re: Resetting "Password never expires" for all"
- Next in thread: Barry: "Re: Resetting "Password never expires" for all"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 22 Nov 2005 17:02:48 -0600
OK. Best practice would be to try it out on a few test users in a test OU
and as always you should have a current System State backup of at least one
domain controller so that you could do an authoritative restore of AD if
there was a problem. There is also a third party application called Hyena
that should be able to do what you want. --- Steve
http://www.systemtools.com/hyena/index.html -- Hyena from SomarSoft
"MP" <MP@discussions.microsoft.com> wrote in message
news:5F1DF9A8-D055-47DC-90BD-8D62A5FD51D3@microsoft.com...
> Thanks Steven for the detailed response, I'm undecided if I'm brave enough
> to
> do this yet, but appreciate the tip. I wish there was an easier way!
> Thanks
> again..
>
> "Steven L Umbach" wrote:
>
>> If you have a Windows 2003 domain controller you can do multiple accounts
>> at
>> one but since this is a Windows 2000 newsgroup I assume that is not the
>> case. If you have a Windows XP Pro domain computer that you could use as
>> a
>> secure admin workstation you could install admikpak for Windows 2003 on
>> it
>> which is a free download from Microsoft and use the AD command line tools
>> to
>> do what you want with the dsquery and dsmod command line tools. Below is
>> an
>> example of how you could do it by changing all the user accounts in a
>> particular OU as an example by piping the results of dsquery user to
>> dsmod
>> ..
>>
>> http://www.microsoft.com/downloads/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en
>> --- adminpak for W2003
>> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/46ba1426-43fd-4985-b429-cd53d3046f01.mspx
>> ---- AD command line tools
>>
>> F:\Documents and Settings\administrator.UMBACH1.000>dsquery user
>> OU=nyt,dc=mydomain,dc=com | dsmod user -pwdneverexpires no
>> dsmod succeeded:CN=john,OU=nyt,DC=mydomain,DC=com
>> dsmod succeeded:CN=ray,OU=nyt,DC=mydomain,DC=com
>> dsmod succeeded:CN=hal,OU=nyt,DC=mydomain,DC=com
>> dsmod succeeded:CN=fox,OU=nyt,DC=mydomain,DC=com
>> dsmod succeeded:CN=fred,OU=nyt,DC=mydomain,DC=com
>>
>>
>> "MP" <MP@discussions.microsoft.com> wrote in message
>> news:CC201081-30F3-464B-B7E3-A1515512C7BB@microsoft.com...
>> > Hello,
>> >
>> > Reviewing my security policies and I'm looking to use domain wide
>> > password
>> > expiration, with the exception of service accounts. Unfortunately when
>> > the
>> > users were set up using a template, all of them have the checkbox
>> > "Password
>> > never expires" checked". My understanding is this will override the
>> > policy,
>> > so how can I uncheck this for all the users without having to touch
>> > every
>> > account?
>>
>>
>>
- Next message: Gijtech: "Re: User locked out with event 537 under type 11 logon"
- Previous message: Steven L Umbach: "Re: browse directory"
- Maybe in reply to: Steven L Umbach: "Re: Resetting "Password never expires" for all"
- Next in thread: Barry: "Re: Resetting "Password never expires" for all"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
