We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Force everyone to change their password

darovitz
darovitz asked
on
Medium Priority
845 Views
Last Modified: 2011-09-20
How can I immeidately force everyone to change their password in my domain? Without going to everyone's individual account in active directory...
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2006
Commented:
you want everyone....

dsquery user "DC=Domain, DC=Local" | dsmod user -mustchpwd yes

next time they log off they will have to change

you want to do it straight off then use psshutdown to force them to log off......

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Do I have to run those commands from run from a serve, does it matter which oner?

Where do I run psshutdown?
CERTIFIED EXPERT
Top Expert 2006

Commented:
you should run it on your DC but you can do it from an xp client if needed, psshutdown should be run from the server but you need to download from sysinternals

Author

Commented:
Will it shut down my servers also... because I don't want that...
CERTIFIED EXPERT
Top Expert 2006

Commented:
you specify who you want it to shutdown/logoff

Author

Commented:
This is what I got


Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Melanie Putnam>dsquery user "DC=Domain, DC=Local" | ds
mod user -mustchpwd yes
dsquery failed:A referral was returned from the server.
type dsquery /? for help.dsmod failed:`Target object for this command' is missin
g.
type dsmod /? for help.
C:\Documents and Settings\Melanie Putnam>



CERTIFIED EXPERT
Top Expert 2006

Commented:
you need to change the domain and local entries to your domain name :)

Author

Commented:
dsquery user | ds mod user -mustchpwd yes

I did this but can't tell if it worked
CERTIFIED EXPERT
Top Expert 2006

Commented:
check a user account and see if the tickbox for change password on next log on is ticked
CERTIFIED EXPERT
Top Expert 2006

Commented:
you need to use the full command though

Author

Commented:
It says dsmod suceeded but says BUT has a default limit of 100 results to display as follows:

Dsquery has reached the default limit of 100 results to display; use the -limit
option to display more results.

Does this mean all the accounts have been reset or just the 100 I can view?

Author

Commented:
It worked.  Thanks.. saves me the time of going through every account.
CERTIFIED EXPERT
Top Expert 2006

Commented:
its done everything just displaying 100 :)

Author

Commented:
No, actually your right.  I checked a few and it looked like it did, but now I see it is sporadic.

How do I get it to do all accounts?
CERTIFIED EXPERT
Top Expert 2006

Commented:
use the option               -limit 0
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.