You cannot set password expiration for a group of users. Password expiration is
a global domain policy. Now, if you are looking to simply unexpire a group of
users, you could write (or, most likely at this point, find) a script that will
take a CSV file and either reset the passwords of those users, thereby making
them active, or you can force them expired and then clear the expired flag,
which would make them "hot" again under their old password with a password age
of 0 days. You can do that by forcing a 0 into pwdLastSet and then turning
around and forcing a -1 into pwdLastSet. So say your password policy was set to
expire in 91 days and you have an account with a password of 200 days and you
want to reenable that ID WITHOUT having to change the password; you would use a
script like this:
' Bind to the user object
set o=getobject("LDAP://cn=joe,cn=users,dc=domain,dc=com")
' 0 sets the "must change password" flag
o.pwdlastset=0
o.setinfo
' -1 clears the flag; password age becomes 0 days
o.pwdlastset=-1
o.setinfo
That would force the "must change password" flag of the account which would then
allow you to clear that same flag and you now have a password with a password
age of 0 days and fully ready to go.
joe
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erick Christian
Sent: Wednesday, August 13, 2003 1:17 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Settign password Expiration date
We are rolling our W2k network out, and have successfully migrated from NT4.0. Previously we had set our user accounts' passwords to expire at the end of the year. However, going through and enabling each individual account is not an option, and as of yet I have not found a way in AD to set the PW expiration date for an entire group. If anyone could shed light on this topic I would greatly appreciate it.
Erick Christian
Chesapeake Board of Education
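
The reply above mentions a script that takes a CSV file and applies the pwdLastSet 0 / -1 sequence to each account. The following is an added example, not code from either poster: a PowerShell version that writes one audit record per account, since the sequence resets password age without changing the password. The function name Reset-PasswordAge and the CSV column DistinguishedName are assumptions.

```powershell
# Added example: bulk form of the pwdLastSet 0 / -1 sequence from the reply above.
# Assumption: the CSV has a column named DistinguishedName (hypothetical header).
function Reset-PasswordAge {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string]$DistinguishedName
    )
    process {
        $status = 'Skipped'
        if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Set pwdLastSet to 0, then -1')) {
            try {
                $user = [ADSI]"LDAP://$DistinguishedName"
                $user.Put('pwdLastSet', 0)    # sets "must change password"
                $user.SetInfo()
                $user.Put('pwdLastSet', -1)   # clears it; password age becomes 0 days
                $user.SetInfo()
                $status = 'Reset'
            }
            catch {
                # A missing object or insufficient rights is recorded, not fatal.
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        # One record per account so the change can be reviewed afterwards.
        [pscustomobject]@{
            Time              = (Get-Date).ToString('s')
            Operator          = [Environment]::UserName
            DistinguishedName = $DistinguishedName
            Status            = $status
        }
    }
}

# Constructed sample input; replace with Import-Csv on the real file.
$sample = @'
DistinguishedName
"cn=joe,cn=users,dc=domain,dc=com"
"cn=jane,cn=users,dc=domain,dc=com"
'@ | ConvertFrom-Csv

# -WhatIf reports what would be changed without binding to the directory.
$sample | Reset-PasswordAge -WhatIf
```

Drop -WhatIf to apply the change, and pipe the output to Export-Csv to keep the record of which accounts had their password age reset and by whom.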
