<div>
If I understand your question correctly, you should be about to right click all of your users in an OU - select properties and then account. Then check user must change password at next logon.<br />
<br />
I would test this on a small set of users first.
</div>


If I understand your question correctly, you should be about to right click all of your users in an OU - select properties and then account. Then check user must change password at next logon.

I would test this on a small set of users first.

<div>
What jmoody says is what we do when we migrate a site from one domain to a another
</div>


What jmoody says is what we do when we migrate a site from one domain to a another

<div>
The problem with that strategy is OWA users are locked out until their passwords are changed via AD login. &nbsp;Some users rely exclusively on OWA, so we would get dozens of calls to unlock accounts.
</div>


The problem with that strategy is OWA users are locked out until their passwords are changed via AD login.  Some users rely exclusively on OWA, so we would get dozens of calls to unlock accounts.

<div>
perhaps make the owa people a separate group with longer password changes
</div>


perhaps make the owa people a separate group with longer password changes

<div>
Well this would be a one-time change, so I'm not sure how a longer interval would help?
</div>


Well this would be a one-time change, so I'm not sure how a longer interval would help?

<div>
<div class="content wysiwyg-content">
I'd like to enforce a one-time password changes for all users in AD. &nbsp;The problem is, we have some users that work once a month and only use OWA. &nbsp;So, if I set passwords to expire in 30 days, then some users may have to change their password twice. &nbsp;If the OWA users don't change before expiration, they are locked out which causes IT major inconvenience.<br />
<br />
Does anyone have a strategy they can suggest?
</div>
</div>


I'd like to enforce a one-time password changes for all users in AD.  The problem is, we have some users that work once a month and only use OWA.  So, if I set passwords to expire in 30 days, then some users may have to change their password twice.  If the OWA users don't change before expiration, they are locked out which causes IT major inconvenience.

Does anyone have a strategy they can suggest?

One-time password change for all users?

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.