Solved

Make all Users in Domain Change Password

Posted on 2008-10-16
4
595 Views
Last Modified: 2010-05-18
What is the best way to enforce a policy where all domain users must change their password on next login?

GP is currently set for passwords to never expire. If I change that to, say, 30 days then they will have a PwdLastSet older than 30 days.and will immediately expire... and I'm assuming that then they cannot change it.  

Any ideas?
0
Comment
Question by:Tercestisi
4 Comments
 
LVL 3

Accepted Solution

by:
kfarnham67 earned 200 total points
ID: 22734529
Users that can see the domain controller will be prompted at next logon AFTER they type in the old password.

User already logged in will get access denied to file shares and exchange and will have to log out and log back in.

Remote users will be the tricky part. If you use RRAS for your vpn, have them change their pass manually by logging into the VPN with the old password, and doing the ctrl alt del method.

If you use 3rd party VPN like cisco, Maybe have them change it using the OWA password change feature, assuming you have that installed.
0
 
LVL 18

Assisted Solution

by:sk_raja_raja
sk_raja_raja earned 100 total points
ID: 22734800
1.You can select all the account, the right click, proprieties and set the flag to change password at next logon.  So one flag for all the account you have selected
0
 
LVL 30

Assisted Solution

by:LauraEHunterMVP
LauraEHunterMVP earned 200 total points
ID: 22734970
If you are in a large environment, procedurally you should force password changes incrementally before deploying an automated password expiry, otherwise your help desk is going to be flooded with support tickets.

Select 10/100/500 users at a time and flag their accounts for "User must change password on next logon". Do this over a series of days until all users in the domain have a relatively recent password, after which configure a maximum password age in GP.
0
 

Author Comment

by:Tercestisi
ID: 22736946
Well,  we started by flagging a test account. It worked fine accept that we have a VPN connection to another company and we could no longer access the share on their server. Called their IT and was told that the passwords are synchronized by a another IT consultant (who I have yet to call).  We changed back the password on that account and the share is now accessible.  We are going to try again and see if we can connect to the share with the previous credentials by remapping it.  Thanks guys.
0

Featured Post

New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now