[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

How to force user to change password on next logon without cuting them down from current sessions.

Posted on 2010-09-15
7
Medium Priority
?
793 Views
Last Modified: 2012-05-10
Hi!

I've setup a GPO with maximum password age policy to 60 days.  Tied it to the domain.

Now, most of our accounts password is past that limit.  So the problem I have, is as soon as I remove the check on "Password never expires", it breaks their access to the domain ressources(Like can't save their work).

There must be a way I can ask them to change their password without breaking their current status?

Thanks for your help!

0
Comment
Question by:chiami
7 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 33684031
they can change their password by pressing ctrl+alt+del without logging off
0
 
LVL 5

Expert Comment

by:MisterTwelve
ID: 33684495

Valid values for the -acctexpires flag include a positive number of days in the future when the account should expire, to expire the account at the end of the day
dsmod user "<UserDN>" -acctexpires <NumDays>
Or try
' This code sets the account expiration date for a user.
' ------ SCRIPT CONFIGURATION ------
strExpireDate = "<Date>"   ' e.g. "07/10/2004"
strUserDN = "<UserDN>"     ' e.g. cn=rallen,ou=Sales,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

set objUser = GetObject("LDAP://" & strUserDN)
objUser.AccountExpirationDate = strExpireDate
objUser.SetInfo
WScript.Echo "Set user " & strUserDN & " to expire on " & strExpireDate
 
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33684838
create a bat or cmd file on DC, let's say users_change.cmd and put there

@echo off

dsquery user -name * -limit 0| dsmod user -mustchpwd yes -canchpwd yes -pwdneverexpires no -disabled no

and set up a task scheduler to run this batch file in your convenient time (let's say at 11 pm)
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33684860
ok, that's wrong idea :/ It also forces password change for system users and administrators. You have to specify OU where those users are.

i.e.

@echo off

dsquery user "ou=your_OU_with_Users1,dc=domain,dc=com" -name * -limit 0| dsmod user -mustchpwd yes -canchpwd yes -pwdneverexpires no -disabled no

and each dsquery for each OU.
0
 
LVL 47

Expert Comment

by:Donald Stewart
ID: 33685544
"I've setup a GPO with maximum password age policy to 60 days"
 
temporarily change this to a higher number greater than the oldest password.
 
You can find the number out with this tip
 
http://www.windowsitpro.com/article/tips/jsi-tip-3988-network-account-password-age-netpwage-freeware-.aspx 
0
 
LVL 11

Expert Comment

by:Sigurdur Haraldsson
ID: 33689905
What about "User must change password at next logon" option on the Account?
0
 

Accepted Solution

by:
chiami earned 0 total points
ID: 33736847
None of the comments fixed it, but some helped...

Thanks
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question