Mike Conigliaro

Set Passwords as Non-Expiring on the Windows Command Line

With the net user command, it’s possible to modify active directory user accounts on the command line.

net user myuser mypassword

Similarly, it’s possible to modify group membership with the net group command.

net group mygroup myuser /add

This is all well and good, but Microsoft inexplicably left out a way to set account passwords as non-expiring (and you might want to do this when creating active directory accounts with a script). That’s where the dsquery and dsmod commands come in. The following code will use dsquery to locate all the users with names like “myuser” and use dsmod to set the passwords as non-expiring.

for /f "delims=" %D in ('dsquery user -name myuser*') do dsmod user %D -pwdneverexpires yes

Ignore the part of Microsoft’s documentation that says the ds* commands ship in Windows 2008 Server. They also ship in Windows 2003 Server.

blog comments powered by Disqus