Solved

Enable complex password and force all users to change their password asap.

Posted on 2015-02-17
2
387 Views
Last Modified: 2015-04-02
Hello,

We are in a Windows 2008 environment with windows 2003 domain functional level.

We want to enable password complexity in our domain policy.  

How do we trigger the change to happen right the way to force the all the users to specify a complex password?  

Please advise.
0
Comment
Question by:nav2567
2 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 250 total points
ID: 40615506
To force a reset you will need to use dsquery user | dsmod user -mustchpwd yes command. Personally I would not do this. I would create the password complexity policy, find the users where their passwordLastSet attribute is. Then send out an email notification to tell users to change there password.

Once the password complexity policy has been set you can also use the PasswordLastSet to find out which users have in fact reset/changed their password.

Use the below command below
get-aduser -filter * -properties passwordlastset, passwordneverexpires | sort name | ft Name, passwordlastset, Passwordneverexpires

Open in new window


Will.
0
 
LVL 9

Assisted Solution

by:nattygreg
nattygreg earned 250 total points
ID: 40615842
Set the password policy, along with the complexity and you can also type a note within the settings notifying the user they must change their password and the minimum length required. all can be done in group policy and force group policy from domain controller everyone will have to comply. set it so that on their next logon they have to change their password.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now