Find all users who have not changed there password for more than 90 days.And then check the change password on next logon

Posted on 2007-12-02
Last Modified: 2010-04-21

Find all users who have not changed there password for more than 90 days.And then check the change password on next logon.
First list the users to a file who have not changed the password in ADS.Later another script than sets them to change the password on next logon.

Question by:bsharath
  • 2
  • 2

Accepted Solution

tcicatelli earned 300 total points
ID: 20390995
Why wouldn't you just set a policy to force all users to change their password every 90 days under account policy settings?  It's a built-in feature.  I wouldn't go to the trouble of trying to find people now.  In 90 days the point would be moot.  

If you wanted to, you could just force everyone to change their password at next login and then the policy will take care of the rest.
LVL 11

Author Comment

ID: 20391020
Firstly i need to see if anyone has changed there password or not.As we have already repeatly communicated to the users to change the passwords.
First find then set the password change policy.Is there a script that i can do this...
LVL 30

Assisted Solution

LauraEHunterMVP earned 200 total points
ID: 20391513
> "In 90 days the point would be moot."

If users haven't changed their passwords, it'll be moot in a lot less than 90 days.  If you set a maximum password age of 90 days on Monday and a user's password hasn't been changed in 91 days, they will be prompted to change at their next logon.

Assisted Solution

tcicatelli earned 300 total points
ID: 20392647
Here's the location of a script that will tell you the last time a user changed their password.

As LauraEHunterMVP mentioned, just set a maximum password age of 90 days, and you can avoid using the script.
LVL 11

Author Closing Comment

ID: 31412184

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question