Is there an easy way to change users passwords for over 100 staff?   This is Active Directory.  Win 2012/2016

J.R. Sitman
J.R. Sitman used Ask the Experts™
on
We need to change over 100 users passwords.  Is there any easy way to do this.  We are using Active Directory, Win 2012 and 2016
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Jeremy WeisingerSenior Network Consultant / Engineer

Commented:
The Set-ADAccountPassword cmdlet can do it.

https://docs.microsoft.com/en-us/powershell/module/addsadministration/set-adaccountpassword?view=win10-ps

Is the list of users in a text file or something? It could be easily scripted with pulling from a text file or a query filter.
Jeremy WeisingerSenior Network Consultant / Engineer

Commented:
If you use that gallery script, be sure to test it as it's only been validated on 2008 and 2008r2. Personally I would go with the Microsoft cmdlets over a custom module.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

J.R. SitmanIT Director

Author

Commented:
Thanks, but I have ZERO experience with Powershell.  I would not be comfortable running a script.
hello , if you dont want to run a script ,, this is a GUI that will allow you to do this .. its very easy to use.

http://www.wisesoft.co.uk/software/bulkadusers/default.aspx
Distinguished Expert 2018

Commented:
The latter tool might be the easiest way for you, but I strongly recommend to become familiar with PowerShell basics. You don't need to learn the whole thing, but invest in a beginners course or see if you can find online tutorials. For bulk operations, this is SO useful.

I have a question for you, nevertheless: what would you want to change the password to? Will those users get the same passwords? That is not advisable. If it's however not the same password, I will give you an example on how to proceed: On your DC, place a userlist (c:\temp\list.txt) and use this command on the command line:
for /f %a in (c:\temp\list.txt) do net user %a /random>>c:\temp\passwords_set.txt

Open in new window

This outputfile passwords_set.txt will be a list of all usernames and (randomly) generated passwords.

Please note that these passwords are 8 characters long, which might suffice for a short time, but in secure environments, should be changed to a longer password.
J.R. SitmanIT Director

Author

Commented:
We need to change the passwords because we believe our company Facebook page was hacked.  A few users got the email that they were using porn sites and to pay the bitcoins.

I will take your suggestion and try your example.
Senior Network Consultant / Engineer
Commented:
Instead of setting everyone's password, I would send out information on how to come up with a good password and let everyone know that passwords will expire in n days. Then at the time chosen, set everyone's account to change at next logon. That can be done from Active Directory Users and Computers. Just select all the users you want to configure, right-click and choose properties... ForcePasswordReset.png
J.R. SitmanIT Director

Author

Commented:
not a bad idea, Jeremy
Distinguished Expert 2018

Commented:
Be sure to enforce password complexity and password history policies at the same time.
J.R. SitmanIT Director

Author

Commented:
got it
Jeremy WeisingerSenior Network Consultant / Engineer

Commented:
Password history, yes. Password complexity... no longer recommended.

From another post of mine:
NIST, FTC, and Microsoft (and others as well) have changed their password guidance. So unless this is a requirement of some regulation you need to follow, I would consider at the very least not implementing a password age requirement. You may also want to remove the complexity requirement too.  

More info:
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf

NIST’s draft guidelines is much more exhaustive and encompasses much more than just password recommendations.
http://www.csoonline.com/article/3195181/data-protection/vendors-approve-of-nist-password-draft.html
https://pages.nist.gov/800-63-3/sp800-63b.html
J.R. SitmanIT Director

Author

Commented:
Thanks for the article but I am going to set a password age requirement.
Jeremy WeisingerSenior Network Consultant / Engineer

Commented:
That is up to you but studies have shown that doing so will cause users to choose less secure passwords.
J.R. SitmanIT Director

Author

Commented:
Thanks to all for the help.  These solutions are easiest for me.
Distinguished Expert 2018

Commented:
Please acknowledge that several other comments deserve credit because they made you aware of things and questioned things. It would be better to split points, then. Next time :-)
J.R. SitmanIT Director

Author

Commented:
sorry

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial