Avatar of Harbinson
 asked on

Create AD query for users accounts that are forced to change password at next logon or where password is beyond the expiration date

Is there a way within the Active Directory Management tool in Windows 2003 to create a query to show user accounts that are forced to change password upon next logon?  This would be similar to the list query for accounts that are set to NoPwdExpire but I can't seem to find the option to do this.

Similarly, is there a way to identify user accounts where the password is beyond the expiration date, or accounts that are beyond their expiration date?
Windows Server 2003

Avatar of undefined
Last Comment

8/22/2022 - Mon
Stephen Manderson

Hi there,

I found this when I was looking for something similar to monitor user passwords. It may be of use to you


Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Something like:

dsquery user -name * | dsget user -mustchpwd

If you want a text file of the output then wrap it in a loop:

for /f "delims=" %%A in (dsquery user -name *) do (
     dsget user %%A -mustchpwd >> c:\mustchpwd.txt


Thanks wwwally for your help.  It worked perfectly.  
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes