By Bryan Keadle
Quick ... you just discovered a security breach in your password security, or you suspect that your user passwords have been compromised somehow. What would you do? Expiring everyone's passwords *now*, so that they'll have to change it on their next login, would be a good step.
I've advocated the use of JRB Utilities (http://www.jrbsoftware.com/)for any en masse needs; it's a powerful, must-have toolkit for being able to automate tasks and doing most anything in your tree en masse.
The above scenario is a perfect example. Here is a 2-line script that will:
1) Create a list of all user accounts that currently have password expiration dates (ped) starting at a named container and down (/x):
getrest .*.VOP ped != none /j /u /y=d /x /l=pswdexp.lst /e=none
2) For each user account listed in the pswdexp.lst (accounts having existing password expirations), set the password expiration date (ped) to today, and log successful changes to pswdexp.og and any errors to pswdexp.err:
setrest @pswdexp.lst ped today /l=pswdexp.log /e=pswdexp.err
In seconds, I've managed to implement this security change procedure.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.