Try "dsquery" and pipe it into "dsmod" in the command line.
i.e. dsquery user "OU=Employees, DC=Domain, DC=Com" -stalepassword 60 | dsmod user -mustchpwd yes this command line queries users in the Employees OU who have not changed their password in 60 days and pipes the list to dsmod which configures each object with "User must change password at next logon" regards Amado Abenojar MCSE,MCSA ====================== From: [email protected] To: [email protected] Date: Tue, 3 Mar 2009 18:43:11 -0500 Subject: Changing Account Settings en Masse We’ve previously not allowed users to change their own passwords; we’ve handled that for them, and in Active Directory have their accounts configured to prevent them from doing it. We’re implementing some new policies now, and in the near future users will need to be able to change their own passwords. I feel sure there’s a way for me to enable this capability without having to launch ADUC and bring up each user’s account individually. Could one of you command line commandos give me a point in the right direction? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
