Solved

How to force user to change password on next logon without cuting them down from current sessions.

Posted on 2010-09-15
7
738 Views
Last Modified: 2012-05-10
Hi!

I've setup a GPO with maximum password age policy to 60 days.  Tied it to the domain.

Now, most of our accounts password is past that limit.  So the problem I have, is as soon as I remove the check on "Password never expires", it breaks their access to the domain ressources(Like can't save their work).

There must be a way I can ask them to change their password without breaking their current status?

Thanks for your help!

0
Comment
Question by:chiami
7 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33684031
they can change their password by pressing ctrl+alt+del without logging off
0
 
LVL 5

Expert Comment

by:MisterTwelve
ID: 33684495

Valid values for the -acctexpires flag include a positive number of days in the future when the account should expire, to expire the account at the end of the day
dsmod user "<UserDN>" -acctexpires <NumDays>
Or try
' This code sets the account expiration date for a user.
' ------ SCRIPT CONFIGURATION ------
strExpireDate = "<Date>"   ' e.g. "07/10/2004"
strUserDN = "<UserDN>"     ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

set objUser = GetObject("LDAP://" & strUserDN)
objUser.AccountExpirationDate = strExpireDate
objUser.SetInfo
WScript.Echo "Set user " & strUserDN & " to expire on " & strExpireDate
 
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33684838
create a bat or cmd file on DC, let's say users_change.cmd and put there

@echo off

dsquery user -name * -limit 0| dsmod user -mustchpwd yes -canchpwd yes -pwdneverexpires no -disabled no

and set up a task scheduler to run this batch file in your convenient time (let's say at 11 pm)
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33684860
ok, that's wrong idea :/ It also forces password change for system users and administrators. You have to specify OU where those users are.

i.e.

@echo off

dsquery user "ou=your_OU_with_Users1,dc=domain,dc=com" -name * -limit 0| dsmod user -mustchpwd yes -canchpwd yes -pwdneverexpires no -disabled no

and each dsquery for each OU.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33685544
"I've setup a GPO with maximum password age policy to 60 days"
 
temporarily change this to a higher number greater than the oldest password.
 
You can find the number out with this tip
 
http://www.windowsitpro.com/article/tips/jsi-tip-3988-network-account-password-age-netpwage-freeware-.aspx 
0
 
LVL 11

Expert Comment

by:sighar
ID: 33689905
What about "User must change password at next logon" option on the Account?
0
 

Accepted Solution

by:
chiami earned 0 total points
ID: 33736847
None of the comments fixed it, but some helped...

Thanks
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now