Rem: Setting Users' Logon Options

You can use ADSI to enable the User must change password at next logon option.

Bob Wells

November 18, 2001



I've been trying to use the Net User command to reset users' passwords in a .bat script, but the script won't set the User must change password at next logon flag. How can I set this flag?

The Net User command doesn't provide an option to enable the User must change password at next logon flag. However, you can use Active Directory Service Interfaces (ADSI) or a third-party command-line utility to accomplish this task.

Using ADSI to set this flag is a three-step operation:

  1. Bind (i.e., connect) to the target user account.

  2. Set the user account's logon option.

  3. Commit the change to the directory.

Listing 2, page 12, shows the code you use to perform this operation on a Windows NT SAM user account. Listing 3, page 12, shows the code to perform the same operation on a Windows 2000 Active Directory (AD) user account. If you prefer to use a command-line tool, you can purchase Pukka International's NetUser tool at http://www.pukka.com/products/default.asp?productid=nu1%2e0.
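The three steps above, written out for both account types as an added PowerShell example (this is not the article's Listing 2 or Listing 3). The function name and the two sample ADSI paths are hypothetical; the function also warns when the account has Password never expires set, because the forced change is not enforced while that flag is on.

```powershell
# Added example, not the article's own listing.
$UF_DONT_EXPIRE_PASSWD = 0x10000   # "Password never expires" account flag

function Set-MustChangePassword {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$AdsPath)

    # Step 1: bind (connect) to the target user account.
    $user = [ADSI]$AdsPath
    $user.psbase.RefreshCache()     # force the bind now so a bad path fails here

    # Step 2: set the logon option. The property differs per ADSI provider,
    # and provider names in the path are case-sensitive.
    if ($AdsPath -clike 'WinNT://*') {
        # Windows NT SAM account: the WinNT provider exposes PasswordExpired.
        $flags = [int]$user.UserFlags.Value
        $user.PasswordExpired = 1
    }
    elseif ($AdsPath -clike 'LDAP://*') {
        # Active Directory account: pwdLastSet = 0 means "change at next logon".
        $flags = [int]$user.userAccountControl.Value
        $user.Put('pwdLastSet', 0)
    }
    else {
        throw "Unsupported ADSI provider in path: $AdsPath"
    }

    if ($flags -band $UF_DONT_EXPIRE_PASSWD) {
        Write-Warning "$AdsPath has 'Password never expires' set; the must-change flag is not enforced until that option is cleared."
    }

    # Step 3: commit the change to the directory.
    $user.SetInfo()
}

# Constructed sample paths; replace with real accounts before running.
# Set-MustChangePassword 'WinNT://EXAMPLEDOM/jdoe,user'
# Set-MustChangePassword 'LDAP://CN=J Doe,OU=Staff,DC=example,DC=com'
```

In a password-reset script, call the function immediately after the reset so the account is never left with an administrator-known password that the user is not required to replace.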
