Harbinson


Create AD query for user accounts that are forced to change password at next logon or where password is beyond the expiration date

Is there a way within the Active Directory Management tool in Windows 2003 to create a query to show user accounts that are forced to change password upon next logon?  This would be similar to the list query for accounts that are set to NoPwdExpire but I can't seem to find the option to do this.

Similarly, is there a way to identify user accounts where the password is beyond the expiration date, or accounts that are beyond their expiration date?
Stephen Manderson

Hi there,

I found this when I was looking for something similar to monitor user passwords. It may be of use to you.
https://www.experts-exchange.com/questions/21143319/Check-age-of-network-passwords.html?query=query+expired+passwords&topics=666

Regards
Steve
ASKER CERTIFIED SOLUTION
wwwally
This solution is only available to members.
Netman66
Something like:


dsquery user -name * -limit 0 | dsget user -dn -mustchpwd


If you want a text file of the output then wrap it in a loop:

rem Batch-file form (use %A instead of %%A at an interactive prompt).
for /f "delims=" %%A in ('dsquery user -name * -limit 0') do (
     dsget user %%A -dn -mustchpwd >> c:\mustchpwd.txt
     )
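
The attribute logic behind the three account states in the question, as an added example that is not part of the original thread: it builds the LDAP filters for "must change password" (pwdLastSet=0), "password expired" and "account expired", and applies the same rules to raw attribute values. The 42-day maximum password age, the reference date and the sample accounts are constructed assumptions, and a single domain-wide password policy is assumed.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWORD = 0x10000       # userAccountControl bit: password never expires
NEVER = (0, 0x7FFFFFFFFFFFFFFF)      # accountExpires values that mean "never"
BIT_AND = "1.2.840.113556.1.4.803"   # LDAP bitwise-AND matching rule OID
USERS = "(objectCategory=person)(objectClass=user)"

def to_filetime(dt):
    """UTC datetime -> 100 ns ticks since 1601-01-01, the unit AD stores."""
    d = dt - EPOCH_1601
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def build_filters(now, max_pwd_age_days):
    """LDAP filters for the three account states asked about in the question."""
    cutoff = to_filetime(now - timedelta(days=max_pwd_age_days))
    return {
        "must_change": f"(&{USERS}(pwdLastSet=0))",
        "password_expired": f"(&{USERS}(pwdLastSet>=1)(pwdLastSet<={cutoff})"
                            f"(!(userAccountControl:{BIT_AND}:={DONT_EXPIRE_PASSWORD})))",
        "account_expired": f"(&{USERS}(accountExpires>=1)"
                           f"(accountExpires<={to_filetime(now)}))",
    }

def classify(user, now, max_pwd_age_days):
    """Apply the same rules to one record of raw attribute values."""
    cutoff = to_filetime(now - timedelta(days=max_pwd_age_days))
    states = []
    if user["pwdLastSet"] == 0:
        states.append("must_change")
    elif not user["userAccountControl"] & DONT_EXPIRE_PASSWORD and user["pwdLastSet"] <= cutoff:
        states.append("password_expired")
    if user["accountExpires"] not in NEVER and user["accountExpires"] <= to_filetime(now):
        states.append("account_expired")
    return states

# Constructed sample data: assumed 42-day maximum password age, made-up accounts.
NOW, MAX_AGE = datetime(2024, 1, 31, tzinfo=timezone.utc), 42
def _ago(days): return to_filetime(NOW - timedelta(days=days))
SAMPLE = {
    "alice": {"pwdLastSet": 0, "userAccountControl": 512, "accountExpires": 0},
    "bob": {"pwdLastSet": _ago(60), "userAccountControl": 512, "accountExpires": NEVER[1]},
    "svc": {"pwdLastSet": _ago(400), "userAccountControl": 66048, "accountExpires": 0},
    "carol": {"pwdLastSet": _ago(10), "userAccountControl": 512, "accountExpires": _ago(1)},
}

if __name__ == "__main__":
    for name, flt in build_filters(NOW, MAX_AGE).items():
        print(name, flt)
    for name, attrs in SAMPLE.items():
        print(name, classify(attrs, NOW, MAX_AGE))
```

The filter strings it prints can be pasted into a custom-search saved query in Active Directory Users and Computers or passed to `dsquery * domainroot -filter`.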

Harbinson

ASKER

Thanks wwwally for your help.  It worked perfectly.