JSI Tip 7688. How can I list all users in my domain who must change their password at next logon?

Using the Active Directory command-line tools, in a Windows 2000 domain, or Windows Server 2003 domain, I have scripted Mustchpwd.bat to list all users in my domain who must change their password at next logon.

NOTE: The Mustchpwd.bat script does NOT report accounts that are disabled.

The syntax for using Mustchpwd.bat is:

Mustchpwd

The output is displayed on the CMD console, but you can pipe it to a file using the following syntax:

Mustchpwd>FileName

You can use the output in subsequent commands, as in:

for /f "Tokens=*" %%i in ('Mustchpwd') do SomeCommand %%i

NOTE: See How do I reset most user's passwords, and/or force them to change the password at the next logon?

Mustchpwd.bat contains:

@echo offsetlocalif exist "%TEMP%Mustchpwd.tm1" del /q "%TEMP%Mustchpwd.tm1"if exist "%TEMP%Mustchpwd.tm2" del /q "%TEMP%Mustchpwd.tm2"set getit=dsquery user domainroot -name * -limit 0for /f "Tokens=*" %%u in ('%getit%') do set UDN=%%u&call :pwdif not exist "%TEMP%Mustchpwd.tm1" endlocal&goto :EOFsort "%TEMP%Mustchpwd.tm1" /O "%TEMP%Mustchpwd.tm2"type "%TEMP%Mustchpwd.tm2"del /q "%TEMP%Mustchpwd.tm1"del /q "%TEMP%Mustchpwd.tm2"endlocalgoto :EOF:pwdfor /f "Skip=1 Tokens=1-2" %%i in ('dsget user %UDN% -mustchpwd -disabled') do ( if /i "%%i" NEQ "dsget" call :report %%i %%j)goto :EOF:reportif /i "%1" EQU "no" goto :EOFif /i "%2" EQU "yes" goto :EOF@echo %UDN%>>"%TEMP%Mustchpwd.tm1"