Title: [ActiveDir] does password expired toggle "user must change password at next logon"?
I'm
looking for pwdlastset that is not equal to 0, and if it's not 0, I reset their
password. This was because we are in the middle of a looooong AD migration
and I've been using ADMT for the last 6 months to migrate users regularly from
our NT4 domain since we're still adding users to our NT4 side. ADMT has
been creating the users with complex passwords so no one knows what their
password is, so I checked to see if they had logged on and reset their password,
and if not, set it to something I can tell them.
Michael: I can confirm Vladimir's statement that no, a normally expired
ID will not light the "user must change password at next logon"
checkbox.
Russ: Are you searching for IDs with a zero in the attribute or
enumerating accounts? A search would be the fastest method. A simple LDAP
query to find all accounts with that checkbox set would be

&(objectcategory=person)(samaccountname=*)(pwdlastset=0)

So with adfind it would look something like

adfind -b dc=domain,dc=com -f "&(objectcategory=person)(samaccountname=*)(pwdlastset=0)" -dn

I don't understand why you would reset
the people's passwords who have that flag set, what is the
purpose?
joe
I wrote a WinBatch script that gets the status of
this checkbox if anyone's interested in it. It finds all users with this
checkbox checked and resets their passwords.
You're sort of right. It used to in NT4.0, but not in Windows 2000/3,
whatever SP.
Microsoft silently changed the meaning of the checkbox from "User must
change password at next logon" to "Administrator has forced the user to
change password at next logon", but has forgotten to change the name.
Meaning the checkbox is now set when and only when an administrator has
set it.
If the password expired on its own, the checkbox isn't set anymore.
I'm sure you can find some help here on how to "write the simplest script
on the earth" to get the real password expired status. (Or take a look at
the thread "Password Policy - Challenge....", which is really cool and has
the script.)
Vladimir
From: [EMAIL PROTECTED] on behalf of Thommes, Michael M.
Sent: Tue 10/7/2003 1:49 AM
To: Active Directory Mailing List (E-mail)
Subject: [ActiveDir] does password expired toggle "user must change password at next logon"?
Hi All:
I don't recall ever getting any response from the message below that I
sent out about a month ago. Hopefully, there's no harm in trying again.
Thanks!
Mike Thommes
Hi,
When a user's password expires,
does it automatically toggle the setting for the account "User must change
password at next logon"? It seems to me it used to do this, but that
is not what we are seeing now. Our DCs are at W2K/SP3 plus post SP3
patches. Would there be any connection between this observation and
the setting "User must logon to change password"? Thanks for any
information!
Mike Thommes
Argonne National Laboratory
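
Added example (not part of the original thread and not any poster's script): a Python sketch of the distinction discussed above, separating accounts where pwdLastSet is 0 (the checkbox is set) from accounts whose password has aged out on its own. The function names, the sample accounts and the 42-day maxPwdAge are constructed assumptions; attribute values are assumed to have been read already (for example from an LDAP export).

```python
from datetime import datetime, timedelta, timezone

UF_DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl bit: password never expires
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DAY = 864_000_000_000             # 100-ns intervals in one day
NEVER = -(2**63)                  # maxPwdAge value meaning "no expiry" (as is 0)

def filetime_to_dt(ft):
    """Convert a FILETIME (100-ns intervals since 1601-01-01 UTC) to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def password_state(pwd_last_set, uac, max_pwd_age, now):
    """Classify one account from its pwdLastSet and userAccountControl values
    and the domain's maxPwdAge (stored as a negative interval count)."""
    if uac & UF_DONT_EXPIRE_PASSWD:
        return "never-expires"
    if pwd_last_set == 0:
        # What the (pwdlastset=0) filter in the thread matches: the
        # "User must change password at next logon" checkbox is set.
        return "must-change"
    if max_pwd_age in (0, NEVER):
        return "never-expires"
    expires = filetime_to_dt(pwd_last_set) + timedelta(microseconds=-max_pwd_age // 10)
    # Aged out on its own: pwdLastSet is still non-zero, so the checkbox stays clear.
    return "expired" if expires <= now else "valid"

def classify(accounts, max_pwd_age, now):
    """Map sAMAccountName -> state for a list of attribute dictionaries."""
    return {a["sAMAccountName"]: password_state(
                a["pwdLastSet"], a["userAccountControl"], max_pwd_age, now)
            for a in accounts}

# Constructed sample data (not real accounts).
SET_AT = 127_000_000_000_000_000                # a FILETIME in 2003
SAMPLE_NOW = filetime_to_dt(SET_AT) + timedelta(days=50)
SAMPLE_MAX_AGE = -42 * DAY                      # assumed 42-day policy
SAMPLE = [
    {"sAMAccountName": "forced", "pwdLastSet": 0, "userAccountControl": 0x200},
    {"sAMAccountName": "aged", "pwdLastSet": SET_AT, "userAccountControl": 0x200},
    {"sAMAccountName": "fresh", "pwdLastSet": SET_AT + 45 * DAY, "userAccountControl": 0x200},
    {"sAMAccountName": "svc", "pwdLastSet": SET_AT, "userAccountControl": 0x200 | 0x10000},
]

if __name__ == "__main__":
    for name, state in classify(SAMPLE, SAMPLE_MAX_AGE, SAMPLE_NOW).items():
        print(f"{name:8} {state}")
```
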
List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This e-mail is confidential, may contain proprietary information
of the Cooper Cameron Corporation and its operating Divisions
and may be confidential or privileged.
This e-mail should be read, copied, disseminated and/or used only
by the addressee. If you have received this message in error please
delete it, together with any attachments, from your system.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~