Rem: Setting Users' Logon Options


I've been trying to use the Net User command to reset users' passwords in a .bat script, but the script won't set the User must change password at next logon flag. How can I set this flag?

The Net User command doesn't provide an option to enable the User must change password at next logon flag. However, you can use Active Directory Service Interfaces (ADSI) or a third-party command-line utility to accomplish this task.

Using ADSI to set this flag is a three-step operation:

  1. Bind (i.e., connect) to the target user account.
  2. Set the user account's logon option.
  3. Commit the change to the directory.

Listing 2, page 12, shows the code you use to perform this operation on a Windows NT SAM user account. Listing 3, page 12, shows the code to perform the same operation on a Windows 2000 Active Directory (AD) user account. If you prefer to use a command-line tool, you can purchase Pukka International's NetUser tool at
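The three steps above in PowerShell, as an added example (this is not the column's Listing 2 or Listing 3, and the account paths are constructed placeholders). It uses the WinNT provider's `PasswordExpired` property for SAM accounts and the `pwdLastSet` attribute for AD accounts. It also warns when the account is marked "Password never expires", a check added here because that setting keeps the forced change from taking effect.

```powershell
# Added example. The account paths in the usage lines are placeholders.
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000   # "Password never expires" bit

function Set-MustChangePassword {
    param(
        # ADSI path of the user, e.g. WinNT://DOMAIN/user,user or LDAP://CN=...
        [Parameter(Mandatory)] [string] $AdsPath
    )

    # Step 1: bind to the target user account.
    $user = [ADSI]$AdsPath

    # Provider names are case-sensitive in ADSI paths, hence -clike.
    if ($AdsPath -clike 'WinNT://*') {
        # NT SAM account: the flag is exposed as PasswordExpired (1 = must change).
        $flags = [int]$user.UserFlags.Value
        $attr, $value = 'PasswordExpired', 1
    }
    elseif ($AdsPath -clike 'LDAP://*') {
        # AD account: pwdLastSet = 0 marks the password as expired.
        $flags = [int]$user.userAccountControl.Value
        $attr, $value = 'pwdLastSet', 0
    }
    else {
        throw "Unsupported ADSI provider in path: $AdsPath"
    }

    # A forced change has no effect while "Password never expires" is set.
    if ($flags -band $ADS_UF_DONT_EXPIRE_PASSWD) {
        Write-Warning "$AdsPath has 'Password never expires' set; clear it first."
    }

    # Step 2: set the user account's logon option in the local property cache.
    $user.Put($attr, $value)

    # Step 3: commit the change to the directory.
    $user.SetInfo()
}

# Usage (placeholder accounts):
# Set-MustChangePassword -AdsPath 'WinNT://EXAMPLEDOM/jdoe,user'
# Set-MustChangePassword -AdsPath 'LDAP://CN=J Doe,OU=Staff,DC=example,DC=com'
```

Running it requires rights to modify the target account, and nothing is written to the directory until `SetInfo()` is called.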
