Force Password Reset

Posted on 2007-08-07
Last Modified: 2013-11-05
Windows 2003 AD - about 160 user accounts

I will be implementing Anixis Password Policy Enforcer which will enforce our own version of a strong password policy.  I'd like to force a "password reset at next logon" policy.  I would like to do this by domain group so we don't have to visit each account and also so we're not flooded with calls if we were to force it at the root.  Looking for the best way to accomplish this task.
Question by:hbsr
    LVL 19

    Expert Comment

    Check out

    You can make bulk changes to AD (such as ticking the box for password change at next logon) - also allows you to be as granular as you need for selecting OUs/Users.
    LVL 2

    Accepted Solution

    To reset multiple user passwords to a common password and force them to change their passwords the next time they logon: (in the command prompt)

    dsquery user "OU=YourUsersOU,dc=YourDomainName,dc=com | dsmod user -pwd A1b2C3d4 -mustchpwd yes

    Here we pipe the results of dsquery command as input to dsmod command. That way all the users password will be changed to A1b2C3d4 and they'll be forced to change their passwords the next time they will logon.You have to change your OU names and structure as necessary in the command. I recommend use the first part before the pipe and check the results. Maybe you don't want to change the admins or server operator accounts passwords! If that's the case change the dsquery part as necessary. And also be aware of your password policy (it may return errors if you use a blank or simple password)

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
    Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now