While testing a GPO to require users to change passwords every 90 days...I accidently applied it.
Now all my off-site users who use OWA only can't log into OWA, needless to say they can't change their password.
I need to reverse that GPO settings and the only way to remove the "user must change password at next login" flag seems to be modifying this flag
to -1 instead of "0"
The script according to this KB article: http://www.microsoft.com/technet/scriptcenter/guide/sas_usr_akke.mspx?mfr=true
Gives me the following code
Set objUser = GetObject _
objUser.Put "pwdLastSet", -1
But how can I modify that LDAP query to say ALL USERS??
Unless of course I'm going about this the long way. I simply want to reset the flag that says users must change password at next login to continue to let them use the password they already have. Versus forcing them to change it.