Yesterday I wrote about how to migrate user data and profiles to a new Windows 2003 domain controller. Today I’ll show you how to bulk change passwords for an entire OU using the dsmod and dsquery utilities that are built into Windows 2003.
In the following example, AD is queried (using DSquery) for all user accounts located in the students OU of the mydomain.org domain. The results of that query are passed into DSmod, which will change all of those user account passwords to “cadlab”. The results will be written to the password.log file.
dsquery user “ou=students,dc=mydomain,dc=org” -limit 0 | dsmod user -pwd cadlab >password.log
Note that the above command should be entered on a single line. The limit 0 (zero) option means that all objects that meet the query criteria will be returned. If you do not use the limit switch, only the first 100 results are shown.
This single command allowed me to change the passwords for all 185 users in the students OU in about 45 seconds.