Using PwdNX.bat, I have scripted AllPwdNX.bat to turn the
DONT_EXPIRE_PASSWORD bit of the UserAccountControl attribute, on or off for all user's
in the specified container or OU (Organizational Unit).
The syntax for using AllPwdNX.bat is:
AllPwdNX base Y|N
Where base is RFC 2253 DN to search from, like "DC=JSIINC,DC=COM" or "CN=Users,DC=JSIINC,DC=COM", or "OU=West,DC=JSIINC,DC=COM", and Y|N is a Y to set Password never expires on, or a N to set Password never expires off.
AllPwdNX.bat contains:
@echo off setlocal ENABLEDELAYEDEXPANSION if \{%2\}==\{\} goto err set base=%1 set YN=%2 set /a pnx=65536 set adf=adfind -b %base% -f "&(objectcategory=person)(objectclass=user)" -nodn -noctl distinguishedName userAccountControl if /i "%YN%" EQU "Y" goto swok if /i "%YN%" NEQ "N" goto err :swok call :getusr>nul 2>&1 endlocal goto :EOF :err @echo Syntax: AllPwdNX Base Y^|N endlocal goto :EOF :getusr for /f "Tokens=1* Delims=: " %%a in ('%adf%^|findstr /i "distinguishedName userAccountControl"') do ( set p1=%%a set p1=!p1:~1! if /i "!p1!" EQU "distinguishedName" set userdn=%%b if /i "!p1!" EQU "userAccountControl" set /a userAccountControl=%%b&call pwdnx "!userdn!" %YN% )
0 comments
Hide comments