Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Make all Users in Domain Change Password

Posted on 2008-10-16
4
Medium Priority
?
600 Views
Last Modified: 2010-05-18
What is the best way to enforce a policy where all domain users must change their password on next login?

GP is currently set for passwords to never expire. If I change that to, say, 30 days then they will have a PwdLastSet older than 30 days.and will immediately expire... and I'm assuming that then they cannot change it.  

Any ideas?
0
Comment
Question by:Tercestisi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 3

Accepted Solution

by:
kfarnham67 earned 800 total points
ID: 22734529
Users that can see the domain controller will be prompted at next logon AFTER they type in the old password.

User already logged in will get access denied to file shares and exchange and will have to log out and log back in.

Remote users will be the tricky part. If you use RRAS for your vpn, have them change their pass manually by logging into the VPN with the old password, and doing the ctrl alt del method.

If you use 3rd party VPN like cisco, Maybe have them change it using the OWA password change feature, assuming you have that installed.
0
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 400 total points
ID: 22734800
1.You can select all the account, the right click, proprieties and set the flag to change password at next logon.  So one flag for all the account you have selected
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 800 total points
ID: 22734970
If you are in a large environment, procedurally you should force password changes incrementally before deploying an automated password expiry, otherwise your help desk is going to be flooded with support tickets.

Select 10/100/500 users at a time and flag their accounts for "User must change password on next logon". Do this over a series of days until all users in the domain have a relatively recent password, after which configure a maximum password age in GP.
0
 

Author Comment

by:Tercestisi
ID: 22736946
Well,  we started by flagging a test account. It worked fine accept that we have a VPN connection to another company and we could no longer access the share on their server. Called their IT and was told that the passwords are synchronized by a another IT consultant (who I have yet to call).  We changed back the password on that account and the share is now accessible.  We are going to try again and see if we can connect to the share with the previous credentials by remapping it.  Thanks guys.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question