No one intends this but it is a problem that sooner or later you will be come across in your system administrator career.
I’ve see this resolved many different ways, but I like to narrow it down to a particular OU. Depending on your case you may want to clean this across the board in AD.
Here is command prompt to the rescue:
1 |
dsquery user "OU=Microsoft,DC=Redmond,DC=CORP,DC=LOCAL" -limit 4000 | dsmod user -pwdneverexpires no |
I haven’t tried this, but some have said the following works in Powershell:
For OU:
1 |
Get-ADUser -Filter {(ObjectClass -eq "user")} -SearchBase "OU=Offices,DC=Contoso,DC=com" | Set-ADUser -PasswordNeverExpires:$FALSE |
1 |
Get-ADUser -Filter {(ObjectClass -eq "user")} | Set-ADUser -PasswordNeverExpires:$FALSE |