Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

One-time password change for all users?

Posted on 2012-04-09
6
Medium Priority
?
489 Views
Last Modified: 2012-04-10
I'd like to enforce a one-time password changes for all users in AD.  The problem is, we have some users that work once a month and only use OWA.  So, if I set passwords to expire in 30 days, then some users may have to change their password twice.  If the OWA users don't change before expiration, they are locked out which causes IT major inconvenience.

Does anyone have a strategy they can suggest?
0
Comment
Question by:sbumpas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 37824777
If I understand your question correctly, you should be about to right click all of your users in an OU - select properties and then account. Then check user must change password at next logon.

I would test this on a small set of users first.
0
 
LVL 17

Expert Comment

by:pjam
ID: 37824855
What jmoody says is what we do when we migrate a site from one domain to a another
0
 

Author Comment

by:sbumpas
ID: 37825054
The problem with that strategy is OWA users are locked out until their passwords are changed via AD login.  Some users rely exclusively on OWA, so we would get dozens of calls to unlock accounts.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 11

Expert Comment

by:BillBondo
ID: 37825075
perhaps make the owa people a separate group with longer password changes
0
 

Author Comment

by:sbumpas
ID: 37825088
Well this would be a one-time change, so I'm not sure how a longer interval would help?
0
 
LVL 1

Accepted Solution

by:
Columbia Energy earned 2000 total points
ID: 37825682
There's no clean way to do what you ask.  Exclude the OWA users from the forced password change.  If this is OWA 2007 or later, email those users and instruct them to change their passwords and provide instructions on how to do so (via OWA).

It's not perfect, but it should reduce the headaches.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question