» ADMT: Auto-Expired Password Clean-Up

14Jul/066

ADMT: Auto-Expired Password Clean-Up

I'm using Microsoft's Active Directory Migration Tool to migrate users from an NT 4.0 Domain to a Win2k3 Domain. The process seems mostly flawless so far except that the password settings (not the password itself) are lost after migrating the users and their passwords. Suddenly, all migrated users on the new domain have expired passwords and are thus required to enter in a new password after their first successful login on the new domain. This new requirement does not comply with our old policy so I've written a VBS script to address the issue.

Below is a script that goes through each of the accounts on the new domain and, if the account is not disabled, sets the password to never expire and it also unchecks the box that declares "User Must Change Password at Next Login."

Set objDomain= GetObject("WinNT://newdomain")

	objDomain.Filter = Array("User")

		For Each User In objDomain

			If User.Accountdisabled = 0 then

				User.PasswordExpired = 0

				User.Put "UserFlags", Flags OR &H10000

				User.SetInfo

			End if

		Next

Set objDomain = Nothing

Posted by: Chrissy Filed under: Active Directory Leave a comment

Comments (6) Trackbacks (0) ( subscribe to comments on this post )

Miky
March 21st, 2007 - 15:23

Hi,
I’m happy to meet you.

This script, unchecks the box “User Must Change Password at Next Login” but all the others too.

And i would like to know:

How avoid this problem?

Thanks a lot.

Miky.

( REPLY )
Miky
March 21st, 2007 - 15:29

I have forgotten: except the box “Password never expire”

Thanks.

Miky.

( REPLY )
Miky
March 21st, 2007 - 15:35

Congratulation for this script !!!

Miky.

( REPLY )
Chrissy
March 21st, 2007 - 15:37

Miky,
I’m not sure why that’s happening. If you go line by line it says

For each user on the domain…
If the user account is not disabled
Set the passsword to unexpired
Set password to never expire
Commit
end if

What OS are you using?

( REPLY )
Miky
April 2nd, 2007 - 08:55

Hi Chrissy,

Hello, my OS is Windows Serveur 2003, and the application is targeted on a user group. The principle is to unchecked the box “password never expires” of some users contained in a group.

Thanks.

Miky.

( REPLY )
Arlys
September 25th, 2009 - 08:55

Hi,
Thanks for the script, it was helpfull for me.
Great!
Arlys.

( REPLY )