Howto: Change passwords for all users in an OU in a Windows 2003 domain

Yesterday I wrote about how to migrate user data and profiles to a new Windows 2003 domain controller.  Today I’ll show you how to bulk change passwords for an entire OU using the dsmod and dsquery utilities that are built into Windows 2003.

KB322684 has an overview of the command line tools built into Windows 2003 for managing Active Directory.  The tools we’ll use to reset all the users passwords are DSquery and DSmod.

In the following example, AD is queried (using DSquery) for all user accounts located in the students OU of the mydomain.org domain.  The results of that query are passed into DSmod, which will change all of those user account passwords to “cadlab”.  The results will be written to the password.log file.

dsquery user “ou=students,dc=mydomain,dc=org” -limit 0 | dsmod user -pwd cadlab >password.log

Note that the above command should be entered on a single line.  The limit 0 (zero) option means that all objects that meet the query criteria will be returned.  If you do not use the limit switch, only the first 100 results are shown.

This single command allowed me to change the passwords for all 185 users in the students OU in about 45 seconds.

2 thoughts on “Howto: Change passwords for all users in an OU in a Windows 2003 domain”

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>