Solved

Make all Users in Domain Change Password

Posted on 2008-10-16
4
598 Views
Last Modified: 2010-05-18
What is the best way to enforce a policy where all domain users must change their password on next login?

GP is currently set for passwords to never expire. If I change that to, say, 30 days then they will have a PwdLastSet older than 30 days.and will immediately expire... and I'm assuming that then they cannot change it.  

Any ideas?
0
Comment
Question by:Tercestisi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
kfarnham67 earned 200 total points
ID: 22734529
Users that can see the domain controller will be prompted at next logon AFTER they type in the old password.

User already logged in will get access denied to file shares and exchange and will have to log out and log back in.

Remote users will be the tricky part. If you use RRAS for your vpn, have them change their pass manually by logging into the VPN with the old password, and doing the ctrl alt del method.

If you use 3rd party VPN like cisco, Maybe have them change it using the OWA password change feature, assuming you have that installed.
0
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 100 total points
ID: 22734800
1.You can select all the account, the right click, proprieties and set the flag to change password at next logon.  So one flag for all the account you have selected
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 200 total points
ID: 22734970
If you are in a large environment, procedurally you should force password changes incrementally before deploying an automated password expiry, otherwise your help desk is going to be flooded with support tickets.

Select 10/100/500 users at a time and flag their accounts for "User must change password on next logon". Do this over a series of days until all users in the domain have a relatively recent password, after which configure a maximum password age in GP.
0
 

Author Comment

by:Tercestisi
ID: 22736946
Well,  we started by flagging a test account. It worked fine accept that we have a VPN connection to another company and we could no longer access the share on their server. Called their IT and was told that the passwords are synchronized by a another IT consultant (who I have yet to call).  We changed back the password on that account and the share is now accessible.  We are going to try again and see if we can connect to the share with the previous credentials by remapping it.  Thanks guys.
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question