Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Password Expiration Date.
Password Expiration Date. [message #157052] Tue, 30 June 2009 05:52 Go to next message
Luca  is currently offline Luca  Italy
Messages: 22
Registered: July 2009
Junior Member
I need to set same expiration date to all passwords for all users in my
domain ...
Could anyone help me ?! I am able to find how to ...
Thanks in advance.
--
_________________________
Luca P.
Re: Password Expiration Date. [message #157054 is a reply to message #157052] Tue, 30 June 2009 06:00 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Howdie!

Luca wrote:
> I need to set same expiration date to all passwords for all users in my
> domain ...
> Could anyone help me ?! I am able to find how to ...
> Thanks in advance.

Check the script from the Scripting Guys:
http://www.microsoft.com/technet/scriptcenter/resources/qand a/jul05/hey0706.mspx

Are you sure you want ALL users to have their passwords expired? I can
imagine that causes a call storm at the help desk and a huge load on the
DCs. I, personally, would opt for expiring users' passwords in batches
(1 division/week,...)

Cheers,
Florian
Re: Password Expiration Date. [message #157058 is a reply to message #157054] Tue, 30 June 2009 08:19 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> wrote in
message news:u4HsbmW%23JHA.1336@TK2MSFTNGP05.phx.gbl...
> Howdie!
>
> Luca wrote:
>> I need to set same expiration date to all passwords for all users in my
>> domain ...
>> Could anyone help me ?! I am able to find how to ...
>> Thanks in advance.
>
> Check the script from the Scripting Guys:
> http://www.microsoft.com/technet/scriptcenter/resources/qand a/jul05/hey0706.mspx
>
> Are you sure you want ALL users to have their passwords expired? I can
> imagine that causes a call storm at the help desk and a huge load on the
> DCs. I, personally, would opt for expiring users' passwords in batches (1
> division/week,...)
>
> Cheers,
> Florian

As noted in the link, you can expire passwords by running a script that
assigns 0 to the pwdLastSet attribute. You cannot assign any other value.
You cannot make passwords expire at some date in the future. Your script
must run at the moment you want all passwords to expire. You would do this
for all users desired. For example, for all users in an OU:

' Bind to the organizational unit.
Set objOU = GetObject("LDAP://ou=West,dc=MyDomain,dc=com")

' Enumerate users.
For Each objUser In objOU
' Only operate on users.
If (LCase(objUser.Class) = "user") Then
' Expire password.
objUser.pwdLastSet = 0
objUser.SetInfo
End If
Next

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: Password Expiration Date. [message #157059 is a reply to message #157054] Tue, 30 June 2009 08:30 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
I would agree with Florian, don't expire them all at the the same time, you
are just asking for problems.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> wrote in
message news:u4HsbmW%23JHA.1336@TK2MSFTNGP05.phx.gbl...
> Howdie!
>
> Luca wrote:
>> I need to set same expiration date to all passwords for all users in my
>> domain ...
>> Could anyone help me ?! I am able to find how to ...
>> Thanks in advance.
>
> Check the script from the Scripting Guys:
> http://www.microsoft.com/technet/scriptcenter/resources/qand a/jul05/hey0706.mspx
>
> Are you sure you want ALL users to have their passwords expired? I can
> imagine that causes a call storm at the help desk and a huge load on the
> DCs. I, personally, would opt for expiring users' passwords in batches (1
> division/week,...)
>
> Cheers,
> Florian
Re: Password Expiration Date. [message #157249 is a reply to message #157059] Thu, 02 July 2009 19:23 Go to previous message
Anderson Lacruz  is currently offline Anderson Lacruz
Messages: 15
Registered: July 2009
Junior Member
Hi everyone

Luca you must to evaluate what exactly do you want to do. You need to
evaluate consequences and impact in your platform. First at all, you should
test on a test enviroment what you want to do. In this case, you can use the
recommendations from Florian, Richard and Paul. You can set the option of
change password to users accounts by visual script to do it immediately, then
you should validate the default domain police to define the maximum and
minimum password age. At the same time, you should know that the notification
for changing password could begin 15 days previous and in that moment users
can decide when to change the password during that period. So, it's gonna be
difficult to change the password at the same time, at least you modify the
account to ask for changing password.

Regards
Anderson Lacruz

"Paul Bergson [MVP-DS]" wrote:

> I would agree with Florian, don't expire them all at the the same time, you
> are just asking for problems.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> wrote in
> message news:u4HsbmW%23JHA.1336@TK2MSFTNGP05.phx.gbl...
> > Howdie!
> >
> > Luca wrote:
> >> I need to set same expiration date to all passwords for all users in my
> >> domain ...
> >> Could anyone help me ?! I am able to find how to ...
> >> Thanks in advance.
> >
> > Check the script from the Scripting Guys:
> > http://www.microsoft.com/technet/scriptcenter/resources/qand a/jul05/hey0706.mspx
> >
> > Are you sure you want ALL users to have their passwords expired? I can
> > imagine that causes a call storm at the help desk and a huge load on the
> > DCs. I, personally, would opt for expiring users' passwords in batches (1
> > division/week,...)
> >
> > Cheers,
> > Florian
>
>
>
Previous Topic:Allow ldaps queries from other server 2003 domain controllers
Next Topic:2008 DC wbadmin
Goto Forum:
  


Current Time: Fri Oct 20 10:14:09 EDT 2017

Total time taken to generate the page: 0.04614 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software