Script to enable all user accounts.

Hi,

I need a script that will enable all user accounts in our domain.  Also I would like to set their account to not be able to change their passwords.

Thanks in advancce!!

Glenn
BeevasAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dangle79Commented:
not necessary unless you've got an insane number of user accounts

create a saved query in ADUC to return all users at the root OU for the users you wish to perform this action on.
(&(objectCategory=person)(objectClass=user)(name=*))

when the list gets populated, select all (ctrl+a) right-click, Enable Account
right-click, Properties, account tab, check box for User cannot change password
0
Dangle79Commented:
there's a caveat to my caveat. i was able to get the account tab to load with all 2500+ of my users selected without ADUC barfing on it. So it should handle at least that many, just takes a bit to chew on all of it
0
BeevasAuthor Commented:
I have about 20,000 users......
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Dangle79Commented:
hmmm, yeah, that's a lot more
if it's a one time deal you could just select chunks at a time
i just veer away from scripting against my AD as i don't have a test domain. scares me
0
RobSampsonCommented:
Hi, this would do that on a test OU:

dsquery user -limit 0 OU=Test,DC=Domain,DC=Com | dsmod -disabled no -canchpwd no
 
If that works successfully, just use

dsquery user -limit 0 DC=Domain,DC=Com | dsmod -disabled no -canchpwd no
to do the same thing for every user on the entire domain.
Regards,
Rob.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Krzysztof PytkoSenior Active Directory EngineerCommented:
according to RobSampson's answer, you need to modify it a little bit if you want to use that syntax (small mistype, so it won't work)

dsquery user -name * -limit 0| dsmod user -disabled no -canchpwd no
0
RobSampsonCommented:
Oh yeah, thanks iSiek....forgot about the -name parameter.
Rob.
0
BeevasAuthor Commented:
Seems to work great when I specifiy a OU. But it doesnt seem to transverse the OU's when I just put in the domain....


Thanks
0
RobSampsonCommented:
Instead of just putting in the domain, use iSiek's command, which uses *
Regards,
Rob.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.