Bulk Active Directory - User Must Change Password at Next Logon

Posted on 2011-05-05
Last Modified: 2012-05-11
We need to do a bulk password reset for a number of users in our Windows domain during a maintenance window. Using the net user command I can pretty easily change the passwords and set the user accounts to not allow the users to change their passwords:

net user testuser password /domain /passwordchg:no

The problem is that once the maintenance window is over, we need to set the user attribute "User must change password at next logon". I was hoping to do this using the net user command because it's so simple and doesn't involve any 3rd-party software. Anyone have any ideas?
Question by:leatherleaf
    LVL 57

    Expert Comment

    by:Mike Kline
    I'd have to test net user.  This can also be done using adfind/admod, powershell,

    You can also do this via the GUI too.  Highlight the users and right click and select properties


    LVL 35

    Expert Comment

    by:Joseph Daly
    This is very simple to do using the DS series of tools.

    Dsquery user -samid {username} | dsmod user -mustchpwd yes
    LVL 35

    Accepted Solution

    I should mentiond the DS command above can be run on any computer that has the server 2003 adminpak installed.

    And if you want to cut out a step from the process you can set the password and force them to change it in the same step.

    Dsquery user -samid {username} | dsmod user -pwd {desired password} -mustchpwd yes
    LVL 9

    Expert Comment

    You can do it easily using dsa.msc
    Open AD users and computer management console>Select mutiple users or bulk no of users>right click>click property>click account
    Change whatever you need


    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    At some point in your work you may run into a need to globally assign a specific file type to open using a specific program. I recently was tasked with completing this objective. In my case it was setting the TSV file association to open with Excel.…
    The saying goes a bad carpenter blames his tools. In the Directory Services world a bad system administrator, well, even with the best tools they’re probably not going to become an all star.  However for the system admin who is willing to spend a li…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now