Solved

One-time password change for all users?

Posted on 2012-04-09
6
459 Views
Last Modified: 2012-04-10
I'd like to enforce a one-time password changes for all users in AD.  The problem is, we have some users that work once a month and only use OWA.  So, if I set passwords to expire in 30 days, then some users may have to change their password twice.  If the OWA users don't change before expiration, they are locked out which causes IT major inconvenience.

Does anyone have a strategy they can suggest?
0
Comment
Question by:sbumpas
6 Comments
 
LVL 21

Expert Comment

by:Joseph Moody
ID: 37824777
If I understand your question correctly, you should be about to right click all of your users in an OU - select properties and then account. Then check user must change password at next logon.

I would test this on a small set of users first.
0
 
LVL 17

Expert Comment

by:pjam
ID: 37824855
What jmoody says is what we do when we migrate a site from one domain to a another
0
 

Author Comment

by:sbumpas
ID: 37825054
The problem with that strategy is OWA users are locked out until their passwords are changed via AD login.  Some users rely exclusively on OWA, so we would get dozens of calls to unlock accounts.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 11

Expert Comment

by:BillBondo
ID: 37825075
perhaps make the owa people a separate group with longer password changes
0
 

Author Comment

by:sbumpas
ID: 37825088
Well this would be a one-time change, so I'm not sure how a longer interval would help?
0
 
LVL 1

Accepted Solution

by:
Columbia Energy earned 500 total points
ID: 37825682
There's no clean way to do what you ask.  Exclude the OWA users from the forced password change.  If this is OWA 2007 or later, email those users and instruct them to change their passwords and provide instructions on how to do so (via OWA).

It's not perfect, but it should reduce the headaches.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now