ADMT: Auto-Expired Password Clean-Up
I'm using Microsoft's Active Directory Migration Tool to migrate users from an NT 4.0 Domain to a Win2k3 Domain. The process seems mostly flawless so far except that the password settings (not the password itself) are lost after migrating the users and their passwords. Suddenly, all migrated users on the new domain have expired passwords and are thus required to enter in a new password after their first successful login on the new domain. This new requirement does not comply with our old policy so I've written a VBS script to address the issue.
Below is a script that goes through each of the accounts on the new domain and, if the account is not disabled, sets the password to never expire and it also unchecks the box that declares "User Must Change Password at Next Login."
Set objDomain= GetObject("WinNT://newdomain") objDomain.Filter = Array("User") For Each User In objDomain If User.Accountdisabled = 0 then User.PasswordExpired = 0 User.Put "UserFlags", Flags OR &H10000 User.SetInfo End if Next Set objDomain = Nothing