Solved

Make all Users in Domain Change Password

Posted on 2008-10-16
4
596 Views
Last Modified: 2010-05-18
What is the best way to enforce a policy where all domain users must change their password on next login?

GP is currently set for passwords to never expire. If I change that to, say, 30 days then they will have a PwdLastSet older than 30 days.and will immediately expire... and I'm assuming that then they cannot change it.  

Any ideas?
0
Comment
Question by:Tercestisi
4 Comments
 
LVL 3

Accepted Solution

by:
kfarnham67 earned 200 total points
ID: 22734529
Users that can see the domain controller will be prompted at next logon AFTER they type in the old password.

User already logged in will get access denied to file shares and exchange and will have to log out and log back in.

Remote users will be the tricky part. If you use RRAS for your vpn, have them change their pass manually by logging into the VPN with the old password, and doing the ctrl alt del method.

If you use 3rd party VPN like cisco, Maybe have them change it using the OWA password change feature, assuming you have that installed.
0
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 100 total points
ID: 22734800
1.You can select all the account, the right click, proprieties and set the flag to change password at next logon.  So one flag for all the account you have selected
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 200 total points
ID: 22734970
If you are in a large environment, procedurally you should force password changes incrementally before deploying an automated password expiry, otherwise your help desk is going to be flooded with support tickets.

Select 10/100/500 users at a time and flag their accounts for "User must change password on next logon". Do this over a series of days until all users in the domain have a relatively recent password, after which configure a maximum password age in GP.
0
 

Author Comment

by:Tercestisi
ID: 22736946
Well,  we started by flagging a test account. It worked fine accept that we have a VPN connection to another company and we could no longer access the share on their server. Called their IT and was told that the passwords are synchronized by a another IT consultant (who I have yet to call).  We changed back the password on that account and the share is now accessible.  We are going to try again and see if we can connect to the share with the previous credentials by remapping it.  Thanks guys.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question