Active Directory – Modify all users in an OU to “Password Never Expires”

KB ID 0000532 


A while back I did a job for a school, many weeks later their users have had to change their passwords. Nothing strange there, the problem is now their teachers DONT want to have their passwords changing at all.

For a single user you can simply edit the user object and set it to “Password Never Expires” for a LOT of users this can be more time consuming.


Warning: There is a caveat! If the user object(s) you are applying this to has the attribute “User must change password at next logon” then this option will be REMOVED.

This is because, if you try this on an individual user that has this option ticked, you will see this. doing this in bulk has the same effect, it just removes the “User must change password at next logon”. If you want to bulk set the password on all users, then carry this out that’s OK.

change password at next logon

1. However – If your users do not have this ticked then you can set this option on an entire OU by executing the following command;

dsquery user “OU={your target OU},DC={your domain},DC={your domain extension}” | dsmod user -pwdneverexpires yes

Update: Note: If your OU has more than 100 users in it you need to add the ‘-limit’ flag, and set it to a number greater than your actual amount of users, e.g.

dsquery user “OU={your target OU},DC={your domain},DC={your domain extension}-limit 2000 | dsmod user -pwdneverexpires yes


2. Now your users will have this option set.

password never expires


Related Articles, References, Credits, or External Links

Original article written 10/11/11

Thanks to Pierre, for the update on the ‘limit’ flag.

Windows – Reset all User Passwords in an OU

Author: Migrated

Share This Post On