Forcing All Users in Microsoft Management Console (MMC) to Change Their Password At Next Logon

The easiest way to do this task is to use the Addusers utility to produce a text file of usernames, then use the For command to execute a Net User command for each user and select the User must change password at next logon check box. First, run the command

addusers /d users.txt


which produces a users.txt file that contains a list of all users, global groups, and local groups in AD. Open users.txt, locate the [Global] line, and delete that line and everything after it to get rid of all the groups listed in the file. Save and close users.txt. Next, run

for /f "skip=1 tokens=1 delims==, " %i in (users.txt) do cusrmgr -u %i +s MustChangePassword

The For command skips the first line of the file (i.e., [User]), then inserts the username (i.e., the first string from each line in the file) in place of %i in the Cusrmgr command. The Cusrmgr portion of the code then equates to

cusrmgr -u <username> +s MustChangePassword
This Cusrmgr command selects the User must change password at next logon check box for the username that appears in the username variable.
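
The same procedure as a PowerShell script, added here as an example and not part of the original article: it reads only the [User] section of the Addusers dump, so users.txt does not have to be edited by hand, skips an exclusion list, and prints the Cusrmgr commands unless -Apply is given. The parameter names, the exclusion list and the sample dump are assumptions constructed for illustration.

```powershell
param(
    [string]   $DumpFile,                                          # output of: addusers /d users.txt
    [string[]] $Exclude = @('Administrator', 'Guest', 'krbtgt'),   # assumption: accounts to leave unflagged
    [switch]   $Apply                                              # without -Apply, commands are only printed
)

# Constructed sample in the layout the article describes: a [User] section
# followed by group sections, with the username as the first field of each line.
$sample = @'
[User]
jsmith,John Smith,,
svc backup,Backup job account,,
Guest,,,
[Global]
Domain Admins,Designated administrators,jsmith,
[Local]
Administrators,,jsmith,
'@ -split "`r?`n"

function Get-DumpUserName {
    param([string[]] $Lines)
    $inUsers = $false
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Section header: only [User] holds accounts; [Global] and later are groups.
            $inUsers = ($Matches[1] -eq 'User')
            continue
        }
        if ($inUsers -and $text) {
            # Split on commas only, so a username containing a space stays whole.
            ($text -split ',')[0].Trim()
        }
    }
}

if ($Apply -and -not $DumpFile) { throw 'Pass -DumpFile with -Apply; the built-in sample is for dry runs only.' }
$lines = if ($DumpFile) { Get-Content -Path $DumpFile } else { $sample }
$names = Get-DumpUserName -Lines $lines | Where-Object { $_ -and ($Exclude -notcontains $_) }

foreach ($name in $names) {
    if ($Apply) {
        & cusrmgr -u $name +s MustChangePassword
        if ($LASTEXITCODE -ne 0) { Write-Warning "cusrmgr failed for $name (exit code $LASTEXITCODE)" }
    } else {
        "cusrmgr -u `"$name`" +s MustChangePassword"
    }
}
```

Run without arguments, it prints the two commands for the sample accounts jsmith and "svc backup"; review the dry-run output for service accounts before rerunning with -DumpFile users.txt -Apply.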
