Setting "User must change password" for groups of users

[Tom Hulley]

I have a need to change a setting on hundreds of users
(but not all users in the domain). I want to change the
flag in each users configuration settings that says
"User must change password at next logon"

Is there a script or utility that will allow me to do this
on all users in a group or OU?
thanks
(e-mail address removed)

 

[Guest]

THis is for a single user:

*****************************************************
Set objUser = GetObject _
("LDAP://CN=bobsmith,OU=management,DC=MyCompany,DC=com")
objUser.Put "pwdLastSet", 0
objUser.SetInfo
*****************************************************


Regards

Paul

 

[Guest]

Please excuse my ignorance, but how do I use this? Would I
create a text file and run it from a command prompt like a
batch file?
Thanks
Tom

 

[Timothy H. Schilbach]

Hi there,

On your windows 2000 CD you have a directory that has a 'resource kit',
when you install it you have the AD query tool or LDAP.exe.

You can use this tool alone with a search criteria to set the
changepassword flag of specific accounts. Lets say you want to set the
accounts for any user with the first name of TOM, you would user a query
like this as your serach criteria:

(&(objectClass=person)(givenName=Tom))

This is a compount query that only returns users (not groups, printers,
computers or anything else) and only the users with the First Name of TOM.

This can be very powerful. Now lets say you wanted to return all users who
had the FirstName of TOM but exclude any users who are in the city of
Cleaveland:

(&(objectClass=person)(givenName=Tom)(!l=Cleaveland))

You can make very powerful search criteria. I suggest in doing a search
until you get the hang of it and then cut and paste you query into the
attribute modification area so you dont accidentally whack the wrong people.

I am a programmer myself and love to code solutions, but this is geared
for admins and takes about 1 - 2 minutes instead of the hour trying to
generate a script file. Its good if this is the only time you want to do it
or if its a special query.

Lemme know if this helps.

-Timothy

 

[Tom Hulley]

That is great. I can take it from here.
Thanks
Tom

-----Original Message-----
Hi there,

On your windows 2000 CD you have a directory that has a 'resource kit',
when you install it you have the AD query tool or

LDAP.exe.

 

[Guest]

I work with someone who gave a suggestion I would like to
run by this conference. Using the nt program usrmgr.exe
(the NT user manager) we can select any amount of users
and select "Properties" and set the "User Must change
password at next logon". Will this do any damage in an
Active Directory environment using this tool. We tried it
on a few test accounts and there does not seem to ba any
problem.

Thanks
Tom
(e-mail address removed)

 

[Guest]

Hi
Should'nt be any problem as Win2k3 still supports NT4 API's. You could also try this tool

ftp://ftp.microsoft.com/PSS/Tools/Exchange%20Support%20Tools/ADModify

Regards
Jan Gustavsso

----- (e-mail address removed) wrote: ----

I work with someone who gave a suggestion I would like to
run by this conference. Using the nt program usrmgr.exe
(the NT user manager) we can select any amount of users
and select "Properties" and set the "User Must change
password at next logon". Will this do any damage in an
Active Directory environment using this tool. We tried it
on a few test accounts and there does not seem to ba any
problem

Thank
To
(e-mail address removed)

 

[Joe Richards [MVP]]

Check out expire on the free win32 tools page of www.joeware.net, you give
it a list of IDs and it will expire them for you.