?
Solved

Force everyone to change their password

Posted on 2006-10-30
15
Medium Priority
?
800 Views
Last Modified: 2011-09-20
How can I immeidately force everyone to change their password in my domain? Without going to everyone's individual account in active directory...
0
Comment
Question by:darovitz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 7
15 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 2000 total points
ID: 17838931
you want everyone....

dsquery user "DC=Domain, DC=Local" | dsmod user -mustchpwd yes

next time they log off they will have to change

you want to do it straight off then use psshutdown to force them to log off......
0
 

Author Comment

by:darovitz
ID: 17839414
Do I have to run those commands from run from a serve, does it matter which oner?

Where do I run psshutdown?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17839424
you should run it on your DC but you can do it from an xp client if needed, psshutdown should be run from the server but you need to download from sysinternals
0
Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

 

Author Comment

by:darovitz
ID: 17839459
Will it shut down my servers also... because I don't want that...
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17839476
you specify who you want it to shutdown/logoff
0
 

Author Comment

by:darovitz
ID: 17839770
This is what I got


Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Melanie Putnam>dsquery user "DC=Domain, DC=Local" | ds
mod user -mustchpwd yes
dsquery failed:A referral was returned from the server.
type dsquery /? for help.dsmod failed:`Target object for this command' is missin
g.
type dsmod /? for help.
C:\Documents and Settings\Melanie Putnam>



0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17839897
you need to change the domain and local entries to your domain name :)
0
 

Author Comment

by:darovitz
ID: 17839919
dsquery user | ds mod user -mustchpwd yes

I did this but can't tell if it worked
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17839935
check a user account and see if the tickbox for change password on next log on is ticked
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17839938
you need to use the full command though
0
 

Author Comment

by:darovitz
ID: 17839952
It says dsmod suceeded but says BUT has a default limit of 100 results to display as follows:

Dsquery has reached the default limit of 100 results to display; use the -limit
option to display more results.

Does this mean all the accounts have been reset or just the 100 I can view?
0
 

Author Comment

by:darovitz
ID: 17839968
It worked.  Thanks.. saves me the time of going through every account.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17839972
its done everything just displaying 100 :)
0
 

Author Comment

by:darovitz
ID: 17839980
No, actually your right.  I checked a few and it looked like it did, but now I see it is sporadic.

How do I get it to do all accounts?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17839995
use the option               -limit 0
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question