Script to enable all user accounts.

Hi,

I need a script that will enable all user accounts in our domain.  Also I would like to set their account to not be able to change their passwords.

Thanks in advancce!!

Glenn
BeevasAsked:
Who is Participating?
 
RobSampsonConnect With a Mentor Commented:
Hi, this would do that on a test OU:

dsquery user -limit 0 OU=Test,DC=Domain,DC=Com | dsmod -disabled no -canchpwd no
 
If that works successfully, just use

dsquery user -limit 0 DC=Domain,DC=Com | dsmod -disabled no -canchpwd no
to do the same thing for every user on the entire domain.
Regards,
Rob.
0
 
Dangle79Commented:
not necessary unless you've got an insane number of user accounts

create a saved query in ADUC to return all users at the root OU for the users you wish to perform this action on.
(&(objectCategory=person)(objectClass=user)(name=*))

when the list gets populated, select all (ctrl+a) right-click, Enable Account
right-click, Properties, account tab, check box for User cannot change password
0
 
Dangle79Commented:
there's a caveat to my caveat. i was able to get the account tab to load with all 2500+ of my users selected without ADUC barfing on it. So it should handle at least that many, just takes a bit to chew on all of it
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
BeevasAuthor Commented:
I have about 20,000 users......
0
 
Dangle79Commented:
hmmm, yeah, that's a lot more
if it's a one time deal you could just select chunks at a time
i just veer away from scripting against my AD as i don't have a test domain. scares me
0
 
Krzysztof PytkoActive Directory EngineerCommented:
according to RobSampson's answer, you need to modify it a little bit if you want to use that syntax (small mistype, so it won't work)

dsquery user -name * -limit 0| dsmod user -disabled no -canchpwd no
0
 
RobSampsonCommented:
Oh yeah, thanks iSiek....forgot about the -name parameter.
Rob.
0
 
BeevasAuthor Commented:
Seems to work great when I specifiy a OU. But it doesnt seem to transverse the OU's when I just put in the domain....


Thanks
0
 
RobSampsonCommented:
Instead of just putting in the domain, use iSiek's command, which uses *
Regards,
Rob.
0
All Courses

From novice to tech pro — start learning today.