• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2037
  • Last Modified:

Bulk Active Directory - User Must Change Password at Next Logon

We need to do a bulk password reset for a number of users in our Windows domain during a maintenance window. Using the net user command I can pretty easily change the passwords and set the user accounts to not allow the users to change their passwords:

net user testuser password /domain /passwordchg:no

The problem is that once the maintenance window is over, we need to set the user attribute "User must change password at next logon". I was hoping to do this using the net user command because it's so simple and doesn't involve any 3rd-party software. Anyone have any ideas?
  • 2
1 Solution
Mike KlineCommented:
I'd have to test net user.  This can also be done using adfind/admod, powershell,

You can also do this via the GUI too.  Highlight the users and right click and select properties


Joseph DalyCommented:
This is very simple to do using the DS series of tools.

Dsquery user -samid {username} | dsmod user -mustchpwd yes
Joseph DalyCommented:
I should mentiond the DS command above can be run on any computer that has the server 2003 adminpak installed.

And if you want to cut out a step from the process you can set the password and force them to change it in the same step.

Dsquery user -samid {username} | dsmod user -pwd {desired password} -mustchpwd yes
You can do it easily using dsa.msc
Open AD users and computer management console>Select mutiple users or bulk no of users>right click>click property>click account
Change whatever you need


Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now