Enable complex password and force all users to change their password asap.

Hello,

We are in a Windows 2008 environment with windows 2003 domain functional level.

We want to enable password complexity in our domain policy.  

How do we trigger the change to happen right the way to force the all the users to specify a complex password?  

Please advise.
nav2567Asked:
Who is Participating?
 
Will SzymkowskiSenior Solution ArchitectCommented:
To force a reset you will need to use dsquery user | dsmod user -mustchpwd yes command. Personally I would not do this. I would create the password complexity policy, find the users where their passwordLastSet attribute is. Then send out an email notification to tell users to change there password.

Once the password complexity policy has been set you can also use the PasswordLastSet to find out which users have in fact reset/changed their password.

Use the below command below
get-aduser -filter * -properties passwordlastset, passwordneverexpires | sort name | ft Name, passwordlastset, Passwordneverexpires

Open in new window


Will.
0
 
Natty GregIn Theory (IT)Commented:
Set the password policy, along with the complexity and you can also type a note within the settings notifying the user they must change their password and the minimum length required. all can be done in group policy and force group policy from domain controller everyone will have to comply. set it so that on their next logon they have to change their password.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.