Harbinson
asked on
Create AD query for users accounts that are forced to change password at next logon or where password is beyond the expiration date
Is there a way within the Active Directory Management tool in Windows 2003 to create a query to show user accounts that are forced to change password upon next logon? This would be similar to the list query for accounts that are set to NoPwdExpire but I can't seem to find the option to do this.
Similarly, is there a way to identify user accounts where the password is beyond the expiration date, or accounts that are beyond their expiration date?
Similarly, is there a way to identify user accounts where the password is beyond the expiration date, or accounts that are beyond their expiration date?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Something like:
dsquery user -name * | dsget user -mustchpwd
If you want a text file of the output then wrap it in a loop:
for /f "delims=" %%A in (dsquery user -name *) do (
dsget user %%A -mustchpwd >> c:\mustchpwd.txt
)
dsquery user -name * | dsget user -mustchpwd
If you want a text file of the output then wrap it in a loop:
for /f "delims=" %%A in (dsquery user -name *) do (
dsget user %%A -mustchpwd >> c:\mustchpwd.txt
)
ASKER
Thanks wwwally for your help. It worked perfectly.
I found this when I was looking for something similar to monitor user passwords. It may be of use to you
https://www.experts-exchange.com/questions/21143319/Check-age-of-network-passwords.html?query=query+expired+passwords&topics=666
Regards
Steve