Solved

Active directory Group Policy

Posted on 2016-08-24
3
55 Views
Last Modified: 2016-09-20
I have to force the users to change their password to 8 charactors at next logon due to some security concerns.But i have also some service accounts running with normal user accounts.
I have more than 700 Users.
Please give me any script  or the best way which exclude the service accounts and domain admin accounts and then force all other users to change their password at next logon with 8 characters,
0
Comment
Question by:kastro Abbasi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 6

Accepted Solution

by:
sAMAccountName earned 500 total points
ID: 41769461
You can use security group membership to your advantage when filtering Group Policies.  Just thinking superficially, you could update the password policy for the domain (Or if your functional level supports it, create fine grained policies) via GPO, then use a script to force change passwd at next login for all users except those in target groups (Domain Admins, Service Accounts etc).

of course, this is a fairly simple approach, but perhaps something you could build on...  The actual Powershell would be fairly easy
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 41769978
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 41806182
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: sAMAccountName (https:#a41769461)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

seth2740
Experts-Exchange Cleanup Volunteer
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question