I was wondering if there is a way to reset all user accounts in AD to require them to change their passwords within the next 14 days. Some of the users have been on the domain for over a year, while most have been in the domain for almost 90 days, and the remaining user have been added within the last 60 days. I know I can create a GPO and set the Password Policy, but I need a way to effectively handle the user accounts that have not changed their passwords since their accounts have been in the Domain.
Is there a way to assign/change the date the user's password was last changed? If so I could write a vbscript program that would reset those accounts that have not changed their password within the last 90 days and create the Password Policy, which would allow Windows to notify the user to change their password in the next 14 days when they log in.