I'm in the middle of doing an AD migration for a client using ADMT. One thing I noticed, though, is that whenever I migrate user objects with ADMT, it automatically enables "User must change password at next logon". I do not want this!
The following script disables the option for all user accounts per OU:
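Option Explicit
' Errors are suppressed for the whole script, so a failed bind or write is skipped silently
On Error Resume Next
Dim objOU, objUser, objRootDSE
Dim strContainer, strLastUser, strDNSDomain, intCounter
' Bind to RootDSE to discover the distinguished name of the current domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
' OU to process; change this to match your own OU
strContainer = "OU=ITStaff,"
strContainer = strContainer & strDNSDomain
Set objOU = GetObject("LDAP://" & strContainer)
intCounter = 0
' Enumerates only the objects directly inside the OU
For Each objUser In objOU
    If objUser.Class = "user" Then
        intCounter = intCounter + 1
        strLastUser = objUser.Get("name")
        ' -1 stamps pwdLastSet with the current time, which clears
        ' "User must change password at next logon"; 0 sets the flag
        objUser.Put "pwdLastSet", -1
        objUser.SetInfo
        WScript.Echo objUser.Name
    End If
Next
WScript.Echo intCounter & " users processed: change password at next logon cleared."
WScript.Quit
' End of User Account example VBScript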
Note: if you want to re-enable the tick box for changing passwords, change the value in the following line:
objuser.Put "pwdLastSet", -1
You can also do this for the entire domain using the WinNT provider instead of LDAP:
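Option Explicit
Dim oDomain, oObject
' Bind to the domain through the WinNT provider
Set oDomain = GetObject("WinNT://cos.local")
For Each oObject In oDomain
    If oObject.Class = "User" Then
        ' PasswordExpired = 0 clears "User must change password at next logon"
        oObject.Put "PasswordExpired", 0
        oObject.SetInfo
    End If
Next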
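A PowerShell variant of the per-OU script, added here as an example and not part of the original post: it changes only accounts whose pwdLastSet is 0, so users who never had the flag set do not get their password age reset to the current time, and it reports a per-account result instead of suppressing errors. It assumes the ActiveDirectory module (RSAT) is installed; the DC=example,DC=local components are placeholders.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module.
# The OU name is the post's; the DC= components are constructed placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase = 'OU=ITStaff,DC=example,DC=local'
)

Import-Module ActiveDirectory -ErrorAction Stop

# pwdLastSet = 0 is how AD stores "User must change password at next logon".
# Selecting only those accounts leaves every other user's password age untouched.
# OneLevel matches the VBScript, which enumerates the OU's direct children only.
$flagged = Get-ADUser -SearchBase $SearchBase -SearchScope OneLevel `
    -LDAPFilter '(pwdLastSet=0)' -Properties pwdLastSet

foreach ($user in $flagged) {
    $status = 'Skipped (dry run or declined)'
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Set pwdLastSet to -1')) {
        try {
            # Same write as the VBScript: -1 stamps pwdLastSet with the current time
            Set-ADUser -Identity $user -Replace @{ pwdLastSet = -1 } -ErrorAction Stop
            $status = 'Cleared'
        }
        catch {
            # Surface the failure instead of hiding it
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    # One result object per flagged account, emitted to the pipeline
    [pscustomobject]@{
        SamAccountName    = $user.SamAccountName
        DistinguishedName = $user.DistinguishedName
        Status            = $status
    }
}
```

Run it with -WhatIf first to list the accounts that would change; pipe the output to Export-Csv to keep a record of what was modified.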