ADMT: Auto-Expired Password Clean-Up

Filed under: Active Directory, Tech Stuff — Written by Chrissy on Friday, July 14th, 2006 @ 6:11 am

I'm using Microsoft's Active Directory Migration Tool to migrate users from an NT 4.0 Domain to a Win2k3 Domain. The process seems mostly flawless so far except that the password settings (not the password itself) are lost after migrating the users and their passwords. Suddenly, all migrated users on the new domain have expired passwords and are thus required to enter in a new password after their first successful login on the new domain. This new requirement does not comply with our old policy so I've written a VBS script to address the issue.

Below is a script that goes through each of the accounts on the new domain and, if the account is not disabled, sets the password to never expire and it also unchecks the box that declares "User Must Change Password at Next Login."

Set objDomain= GetObject("WinNT://newdomain")
  objDomain.Filter = Array("User")
    For Each User In objDomain
      If User.Accountdisabled = 0 then
        User.PasswordExpired = 0
        User.Put "UserFlags", Flags OR &H10000
        User.SetInfo
      End if
    Next
Set objDomain = Nothing
5 Comments   -
  • Comment by Miky | March 21, 2007 @ 3:23 pm

    Hi,
    I'm happy to meet you.

    This script, unchecks the box "User Must Change Password at Next Login" but all the others too.

    And i would like to know:

    How avoid this problem?

    Thanks a lot.

    Miky.

  • Comment by Miky | March 21, 2007 @ 3:29 pm

    I have forgotten: except the box "Password never expire"

    Thanks.

    Miky.

  • Comment by Miky | March 21, 2007 @ 3:35 pm

    Congratulation for this script !!!

    Miky.

  • Comment by Chrissy | March 21, 2007 @ 3:37 pm

    Miky,
    I'm not sure why that's happening. If you go line by line it says

    For each user on the domain...
    If the user account is not disabled
    Set the passsword to unexpired
    Set password to never expire
    Commit
    end if

    What OS are you using?

  • Comment by Miky | April 2, 2007 @ 8:55 am

    Hi Chrissy,

    Hello, my OS is Windows Serveur 2003, and the application is targeted on a user group. The principle is to unchecked the box "password never expires" of some users contained in a group.

    Thanks.

    Miky.

RSS feed for comments on this post. TrackBack URL

Leave your comment