User Must Change Password At Next Logon
These VBScript examples will enable you to set the users account to a known password. What's more, you can also set the account so that once the user authenticates, they must change the password to a more secure password. This is a popular scripts for school and college administrators to run at the start of term.
Topics for User Must Change Password At Next Logon
Let us suppose that we want to force users to change their passwords at next logon. The solution is a VBScript that applies pwdLastSet = 0 to the user object. This has the same effect as setting the password option manually in Active Directory Users and Computers. The result is that when users next logon, the operating system displays the change password dialog box.
If you need to deploy, 'The user must change password at next logon', then one tactic that I recommend is to take the opportunity and script a new password. As this maybe the first time they have used your system, the user will appreciate an easy password when to type in the Ctrl Alt Delete logon box.
Our plan is to divide the mission into two parts
Example 1 - Vbscript User Must Change Password at Next Logon
I recommend that you logon as administrator, preferably at a domain controller. Alternatively, try Remote Desktop. If all else fails, you can try these script on an XP machine as a non-administrator, but why introduce extra complications? Let us start with some easy successes.
Instructions for Changing a User's Password at Next Logon
Sample Script to Change User's Password at Next Logon
' PwdLastSet .vbs
Note 1: PwdLastSet is the key attribute (not pwdSetLast). If the value of PwdLastSet is set to zero then the user must change their password when the logon. The .SetInfo method is the equivalent of you pressing the OK button on the Active Directory Users and Computers dialog box.
Note 2: You probably need to change the strContainer from 'OU=Accounts, " to one of your OUs. Did you notice the comma at the end of this string?
Note 3: From a purely scripting point of view, the neat feature is the way that the example cycles through all the accounts in the strContainer. VBScript controls this with a loop, For Each.... next.
Note 4: Hardly a script goes by without the need of the If... then end if construction. For this example we filter the objects with the If objUser.Class = "User". My point is the that OU could also contain computers for which we have no need to set PwdLastSet.
Note 5: The Optional section, which launches Active Directory Users and Computers, is my way of testing that the script is working.
Import users from a spreadsheet. Just provide a list of the users with their fields in the top row, and save as .csv file. Then launch this FREE utility and match your fields with AD's attributes, click and import the users.
Optionally, you can provide the name of the OU where the new accounts will be born. Download your FREE bulk import tool.
If you need more comprehensive software, download a free trial of SAM (Server & Application Monitor)
Sample Script to Change User's Password at Next Logon and Reset the Password
' PwdLastSet Adv.vbs
VBS PwdLastSet - Learning Points
Note 1: This script builds on Example 1 by adding SetPassword.
Note 2: You only need one .SetInfo. If you remember this is the equivalent of pressing the OK button on the dialog box.
Note 3: Once again make sure you use pwdLastSet not pwdSetLast
For those occasions when you need to force users to reset their passwords, PwdLastSet triggers the operating system to display the necessary logon dialog boxes.
If you like this page then please share it with your friends
See more VBScript examples: