If you have a Windows 2003 domain controller you modify that user attribute
en mass for users. If you do not you still can install the Windows 2003
adminpak [free download from Microsoft] on an XP Pro domain member computer
that should be known to be a secure admin workstation and then use the
Active Directory command line tools to do what you want as shown in the
example below of using the commands to change password attribute for users
in an OU. You might find that accounts that are set to password never
expirers may need to have that attribute changes first though if you want
them to change password also. Be sure to test out on an OU with a few test
users. You can pipe the results of one command to the dsmod command . As
always it is best to have a current backup of the System State of a domain
controller in case things do not go as planned so that you can at least get
back to where you were with an authoritative restore of Active
Directory. --- Steve
http://www.microsoft.com/technet/pr...elp/46ba1426-43fd-4985-b429-cd53d3046f01.mspx
--- Directory Service command line tools
F:\Documents and Settings\administrator.UMBACH1.000>dsquery user
OU=nyt,dc=umba
h1,dc=com | dsmod user -mustchpwd yes
dsmod succeeded:CN=john,OU=nyt,DC=umbach1,DC=com
dsmod succeeded:CN=tom,OU=nyt,DC=umbach1,DC=com
dsmod succeeded:CN=joe,OU=nyt,DC=umbach1,DC=com
dsmod succeeded:CN=fox,OU=nyt,DC=umbach1,DC=com
dsmod succeeded:CN=fred,OU=nyt,DC=umbach1,DC=com
