Howto: Change passwords for all users in an OU in a Windows 2003 domain

by admin on August 29, 2007

Yesterday I wrote about how to migrate user data and profiles to a new Windows 2003 domain controller.  Today I’ll show you how to bulk change passwords for an entire OU using the dsmod and dsquery utilities that are built into Windows 2003.

KB322684 has an overview of the command line tools built into Windows 2003 for managing Active Directory.  The tools we’ll use to reset all the users passwords are DSquery and DSmod.

In the following example, AD is queried (using DSquery) for all user accounts located in the students OU of the domain.  The results of that query are passed into DSmod, which will change all of those user account passwords to “cadlab”.  The results will be written to the password.log file.

dsquery user “ou=students,dc=mydomain,dc=org” -limit 0 | dsmod user -pwd cadlab >password.log

Note that the above command should be entered on a single line.  The limit 0 (zero) option means that all objects that meet the query criteria will be returned.  If you do not use the limit switch, only the first 100 results are shown.

This single command allowed me to change the passwords for all 185 users in the students OU in about 45 seconds.

{ 2 comments… read them below or add one }

Doug August 13, 2009 at 8:45 am

You’re my new best friend. This was easy and worked great.

Many thanks!!!!


Ed April 22, 2010 at 11:56 am

Thank You for sharing the knowledge. It helped make my task easier.

Appreciate it!


Leave a Comment

Previous post:

Next post: