• Status: Solved

Script to set AD 2003 users' password expiry date to the next 2 weeks

Hi all,

      Does anyone know how to set every user's password expiry date to 2 weeks from today?

      On the internet I can find how to view when a password will expire, but I can't find how to make the system force a password change next week or in the next 2 weeks.

Thanks in advance.
 
Asked:
Simpson_STL
 
Hendrik Wiese, Information Security Manager, Commented:
You would have to create a GPO for this. Please see the link below on how to set up the password policy using a GPO.

You would need to read from "For a domain, and you are on a member server or a workstation that is joined to the domain".

Please go to http://technet.microsoft.com/en-us/library/cc781633(WS.10).aspx for instructions.
0
 
Simpson_STL (Author) Commented:
Thank you for your comment.

 I have already set the policy to change passwords every 180 days, but as of today a new policy has been released requiring everyone to change their password within this month, so I would like to change their password expiry date to the next 2 weeks. Please advise.

Regards,
Simpson.
0
 
Hendrik Wiese, Information Security Manager, Commented:
You can change it to 14 days and enforce the policy. Then, after they have restarted their machines and everyone has changed their password, you can just set it back to 180 days if you want.
0
 
Hendrik Wiese, Information Security Manager, Commented:
You can also use the following tool to force a password change in bulk: http://www.petri.co.il/password-control-bulk-modify-for-active-directory-windows-server-2008.htm
0
 
pritamdutt Commented:
Hi, please find the code to set the password expiration date.

There are two ways to approach this problem:

1. Set a new expiration date.
2. Expire the password so it must be changed at next logon.

Option Explicit
On Error Resume Next
Dim oQuery
Dim objConnection
Dim objCommand
Dim objRecordSet
Dim objUser
Dim objRoot
Dim NamingContext

' Bind to the current domain and build the search string
Set objRoot = GetObject("LDAP://RootDSE")
NamingContext = objRoot.Get("defaultNamingContext")
' objectCategory=person keeps computer accounts (which also have objectClass=user) out of the results
oQuery = "<LDAP://" & NamingContext & ">;" & "(&(objectCategory=person)(objectClass=user));adspath;subtree"

'=======all the following lines are the same for every script====================
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Open "Provider=ADsDSOObject;"
objCommand.ActiveConnection = objConnection
objCommand.CommandText = oQuery
' Enable paging so the search returns every user, not only the first 1000
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute
'=================================================================================

' Walk the result set and bind to each user object by its ADsPath
While Not objRecordSet.EOF

Set objUser = GetObject(objRecordSet(0))

'Set a New Expiration Date
' (AccountExpirationDate is the date on which the account itself expires)
objUser.AccountExpirationDate = #30/11/2011#

' Expire the password so it must be changed at next logon.
objUser.pwdLastSet = 0

' Write the changes back to the directory
objUser.SetInfo
objRecordSet.MoveNext

Wend

objConnection.Close
Set objUser = Nothing


Hope this helps!
0
Question has a verified solution.
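
An added example, not code from any poster in this thread: a read-only VBScript audit that reads pwdLastSet for each user and reports how a 14-day maximum password age would affect the account. A password older than 14 days expires as soon as the shorter policy applies, not two weeks from today. The constant MAX_AGE_DAYS and the variable names are assumptions chosen for illustration.

```vbscript
Option Explicit
' Read-only audit (added example): nothing is written to the directory.
Const MAX_AGE_DAYS = 14                  ' assumption: the temporary policy value
Const ADS_UF_ACCOUNTDISABLE = &H2
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Dim objRoot, objConnection, objCommand, objRecordSet
Dim objPwd, dblTicks, dtmLastSet, intAge, lngUAC, strState

Set objRoot = GetObject("LDAP://RootDSE")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Open "Provider=ADsDSOObject;"
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000    ' page past the 1000-row default limit
' objectCategory=person keeps computer accounts out of the result set
objCommand.CommandText = "<LDAP://" & objRoot.Get("defaultNamingContext") & ">;" & _
    "(&(objectCategory=person)(objectClass=user));" & _
    "sAMAccountName,pwdLastSet,userAccountControl;subtree"
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
    lngUAC = objRecordSet.Fields("userAccountControl").Value
    ' pwdLastSet is a 64-bit count of 100 ns ticks since 1601-01-01 (UTC),
    ' returned by ADSI as an IADsLargeInteger (HighPart/LowPart)
    dblTicks = 0
    If IsObject(objRecordSet.Fields("pwdLastSet").Value) Then
        Set objPwd = objRecordSet.Fields("pwdLastSet").Value
        dblTicks = objPwd.HighPart * (2 ^ 32) + objPwd.LowPart
        If objPwd.LowPart < 0 Then dblTicks = dblTicks + (2 ^ 32)
    End If
    If (lngUAC And ADS_UF_ACCOUNTDISABLE) <> 0 Then
        strState = "disabled account, skipped"
    ElseIf (lngUAC And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
        strState = "password never expires: max age does not apply"
    ElseIf dblTicks = 0 Then
        strState = "already must change password at next logon"
    Else
        dtmLastSet = #1/1/1601# + dblTicks / 864000000000   ' ticks per day; result is UTC
        intAge = DateDiff("d", dtmLastSet, Now)             ' can be off by the local UTC offset
        If intAge >= MAX_AGE_DAYS Then
            strState = "set " & intAge & " days ago: expires as soon as the policy applies"
        Else
            strState = "set " & intAge & " days ago: expires in " & (MAX_AGE_DAYS - intAge) & " days"
        End If
    End If
    WScript.Echo objRecordSet.Fields("sAMAccountName").Value & vbTab & strState
    objRecordSet.MoveNext
Loop
objConnection.Close
```

Run it with cscript.exe so the report goes to the console instead of one dialog box per user.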