Force Password Reset

Windows 2003 AD - about 160 user accounts

I will be implementing Anixis Password Policy Enforcer which will enforce our own version of a strong password policy.  I'd like to force a "password reset at next logon" policy.  I would like to do this by domain group so we don't have to visit each account and also so we're not flooded with calls if we were to force it at the root.  Looking for the best way to accomplish this task.
Who is Participating?
dhcpdiscoverConnect With a Mentor Commented:
To reset multiple user passwords to a common password and force them to change their passwords the next time they logon: (in the command prompt)

dsquery user "OU=YourUsersOU,dc=YourDomainName,dc=com | dsmod user -pwd A1b2C3d4 -mustchpwd yes

Here we pipe the results of dsquery command as input to dsmod command. That way all the users password will be changed to A1b2C3d4 and they'll be forced to change their passwords the next time they will logon.You have to change your OU names and structure as necessary in the command. I recommend use the first part before the pipe and check the results. Maybe you don't want to change the admins or server operator accounts passwords! If that's the case change the dsquery part as necessary. And also be aware of your password policy (it may return errors if you use a blank or simple password)
Check out

You can make bulk changes to AD (such as ticking the box for password change at next logon) - also allows you to be as granular as you need for selecting OUs/Users.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.