Using cusrmgr, you can set User Must Change Password at Next Logon.
You can use:
to select multiple users in your domain.
I have chosen to use DomGroupMembers from tip 4647 to invoke the UserMustChangePassword.bat script, which you place in a folder in my PATH.
The syntax for using UserMustChangePassword.bat is the general syntax for DomGroupMembers, which is:
DomGroupMembers Group "Command" \[ExludeList\]
The specific syntax for this solution is:
DomGroupMembers "DomainGroup" "call UserMustChangePassword.bat %user%" \[ExludeList\]:
where "DomainGroup" is any domain group, such as "Domain Users" or "Eastern Sales".
NOTE: You must change the PDCName in the UserMustChangePassword.bat script to be your PDC emulator.
You may also remove the @echo User %1 must change password at next logon line, if you don't wish to display the users who have been affected.
:: Determine if <b>Password Never Expires</b>.
for /f "Skip=11 Tokens=2-3" %%i in ('net user %1 /domain') do if "%%i"=="expires" set when="%%j"
if %when% EQU "Never" goto done
:: Change PDCName to be your PDC Emulator
cusrmgr -u %1 +s MustChangePassword -m \\<b>PDCName</b>>nul 2>&1
:: You may remove the following echo.
@echo User %1 must change password at next logon