JSI Tip 7688. How can I list all users in my domain who must change their password at next logon?
Jerold Schulman
January 22, 2004
Using the Active Directory command-line tools in a Windows 2000 or Windows Server 2003 domain, I have scripted Mustchpwd.bat to list all users in my domain who must change their password at next logon.
NOTE: The Mustchpwd.bat script does NOT report accounts that are disabled.
The syntax for using Mustchpwd.bat is:
Mustchpwd
The output is displayed on the CMD console, but you can redirect it to a file using the following syntax:
Mustchpwd>FileName
You can use the output in subsequent commands, as in:
for /f "Tokens=*" %%i in ('Mustchpwd') do SomeCommand %%i
NOTE: See How do I reset most user's passwords, and/or force them to change the password at the next logon?
Mustchpwd.bat contains:
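@echo off
setlocal
rem Remove work files left over from a previous run.
if exist "%TEMP%\Mustchpwd.tm1" del /q "%TEMP%\Mustchpwd.tm1"
if exist "%TEMP%\Mustchpwd.tm2" del /q "%TEMP%\Mustchpwd.tm2"
rem Enumerate the distinguished name of every user in the domain.
set getit=dsquery user domainroot -name * -limit 0
for /f "Tokens=*" %%u in ('%getit%') do set UDN=%%u&call :pwd
rem Nothing was reported: exit without output.
if not exist "%TEMP%\Mustchpwd.tm1" endlocal&goto :EOF
rem Sort the collected DNs, display them, and clean up.
sort "%TEMP%\Mustchpwd.tm1" /O "%TEMP%\Mustchpwd.tm2"
type "%TEMP%\Mustchpwd.tm2"
del /q "%TEMP%\Mustchpwd.tm1"
del /q "%TEMP%\Mustchpwd.tm2"
endlocal
goto :EOF
:pwd
rem Skip the header line; %%i is the mustchpwd value, %%j is the disabled value.
for /f "Skip=1 Tokens=1-2" %%i in ('dsget user %UDN% -mustchpwd -disabled') do (
 if /i "%%i" NEQ "dsget" call :report %%i %%j
)
goto :EOF
:report
rem Ignore users who need not change their password and accounts that are disabled.
if /i "%1" EQU "no" goto :EOF
if /i "%2" EQU "yes" goto :EOF
@echo %UDN%>>"%TEMP%\Mustchpwd.tm1"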
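On systems with the ActiveDirectory PowerShell module (RSAT), the same listing can be produced with one LDAP query instead of one dsget call per user. This is an added example, not part of the original tip: the function name Get-MustChangePasswordUser, its SearchBase parameter, and the extra Created/AgeDays columns are assumptions made for illustration. It relies on the fact that "must change password at next logon" is stored as pwdLastSet=0.

```powershell
# Added example; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-MustChangePasswordUser {
    [CmdletBinding()]
    param(
        # Hypothetical parameter: where to start the search (default: domain root).
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # pwdLastSet=0 -> "User must change password at next logon".
    # userAccountControl bit 2 (ACCOUNTDISABLE) is tested with the LDAP
    # bitwise-AND matching rule and negated, so disabled accounts are
    # skipped, matching the behaviour of Mustchpwd.bat.
    $filter = '(&(objectCategory=person)(objectClass=user)(pwdLastSet=0)' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

    Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase -SearchScope Subtree `
               -Properties whenCreated |
        Sort-Object DistinguishedName |
        ForEach-Object {
            [pscustomobject]@{
                DistinguishedName = $_.DistinguishedName
                SamAccountName    = $_.SamAccountName
                Created           = $_.whenCreated
                # How long the account has existed while still in this state.
                AgeDays           = [int]((Get-Date) - $_.whenCreated).TotalDays
            }
        }
}

# One DN per line, sorted, like the batch script's output:
Get-MustChangePasswordUser | Select-Object -ExpandProperty DistinguishedName
```

Old accounts in this list have never had their initial or reset password changed by the user, so AgeDays is a convenient column to sort on when reviewing them.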