Late to the game, but doesn't this work as well?

dsquery user "my_OU,dc=company,dc=com" -name * -limit 0 | dsmod user -pwdneverexpires no

And you can also add -mustchangepwd yes to the end of that and force everyone 
to change their password at next logon.

Jeremy

-----Original Message-----
From: Scott Kaufman at HQ [mailto:[email protected]]
Sent: Wednesday, March 04, 2009 9:10 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

It's not 90 days from when you set the policy, it's 90 days from the
last password change on the user account.
If you change the policy to be 90 days, all user accounts that have the
password last set date that is greater than 90 days will immediately get
set to change password at next logon.

Unless you can guarantee that all user account passwords were changed
within 90 days, I'd start with a long time frame, like 200 days, and
each month (or two weeks) keep reducing it down until you get to 90
days.  Or be prepared for a lot of helpdesk calls & user complaining.
Also check any service accounts, as those accounts will get the same
thing & services will start failing.

Lived through this a few times from "consultants" changing it because
upper management said to change it based on a recommendation/report from
another third party.... blah blah blah, but didn't take the time to look
at the user accounts & determine how many would get affected by the
change.

It will be a great test of your customer service skills & resolve if you
just implement the change :)


Scott Kaufman
Lead Network Analyst
ITT ESI, Inc.
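
The impact check described in the message above, as an added example that is not part of the original thread: it counts which accounts would be expired at each step of a gradual reduction from 200 to 90 days. It assumes accounts were exported as (sAMAccountName, pwdLastSet, userAccountControl) tuples; the account names, values and 30-day step are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl bit: password never expires
NORMAL_ACCOUNT = 0x200

def filetime_to_dt(ft):
    """pwdLastSet counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def expired_under(accounts, max_age_days, now):
    """Names whose password would be expired under the given maximum age."""
    hit = []
    for name, pwd_last_set, uac in accounts:
        if uac & DONT_EXPIRE_PASSWD:
            continue  # exempt from the maximum password age
        if pwd_last_set == 0:
            continue  # already flagged "must change at next logon"
        if now - filetime_to_dt(pwd_last_set) > timedelta(days=max_age_days):
            hit.append(name)
    return hit

def staged_plan(accounts, now, start=200, target=90, step=30):
    """Impact at each step of a gradual reduction from start to target days."""
    ages = list(range(start, target, -step)) + [target]
    return {age: expired_under(accounts, age, now) for age in ages}

# Constructed sample data: (name, days since last password change, UAC flags).
NOW = datetime(2009, 3, 4, tzinfo=timezone.utc)
_SAMPLE = [
    ("alice", 30, NORMAL_ACCOUNT),
    ("bob", 120, NORMAL_ACCOUNT),
    ("carol", 250, NORMAL_ACCOUNT),
    ("svc_backup", 400, NORMAL_ACCOUNT),  # service account, will expire
    ("svc_sql", 400, NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD),
]
ACCOUNTS = [(n, dt_to_filetime(NOW - timedelta(days=d)), u) for n, d, u in _SAMPLE]
ACCOUNTS.append(("newhire", 0, NORMAL_ACCOUNT))  # pwdLastSet = 0

if __name__ == "__main__":
    for age, names in staged_plan(ACCOUNTS, NOW).items():
        print(f"max age {age:>3} days: {len(names)} affected -> {names}")
```

Service accounts without the never-expires flag (svc_backup here) show up in the first step, which is the failure case the message calls out.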


-----Original Message-----
From: John Hornbuckle [mailto:[email protected]]
Sent: Wednesday, March 04, 2009 11:03 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

You mean, 90 days from the day you set the policy?



-----Original Message-----
From: Cameron Cooper [mailto:[email protected]]
Sent: Wednesday, March 04, 2009 10:59 AM
To: NT System Admin Issues
Subject: RE: Password Policy Change

If I remember correctly, when we implemented this (every 90 days) the
passwords would change after the time frame was set to expire.

_______________________________
Cameron Cooper
IT Director - CompTIA A+ Certified
Aurico Reports, Inc
Phone: 847-890-4021    Fax: 847-255-1896
[email protected]



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

