How to Force All Users to Change Their Password

Overview

Crowd currently does not have a feature for administrators to force all of the users or users from a specific directory to change their password. In order to force a user to change their password, Crowd administrators have to do the following for each user:

1. Navigate to Users

2. Find the user

3. Select 'Attributes'

4. Set requiresPasswordChangeparameter to "True".

As you can see, following the steps above for every user can get tedious. There is a feature request created for this at CWD-3332 - Allow forcing a password reset for all users, but in the meantime, you can set requiresPasswordChange to "True" for all users via the database by following the steps below.

Steps

1. Create a database backup of your Crowd instance, as a safety precaution

2. Execute the following SQL and take note of the directory ID that the newly imported users were imported from:

   1 SELECT * FROM cwd_directory;

3. Using the the directory ID, execute the following SQL query:

   (!) This will force all users from the directory to change their password

   1 UPDATE cwd_user_attribute SET attribute_value = 'true' WHERE attribute_name = 'requiresPasswordChange' AND directory_id = <INSERT DIRECTORY ID>;

   (!) This query will force password change only for users of the given group

   1 2 3 4 5 6 7 8 9 10 11 UPDATE cwd_user_attribute SET attribute_value = 'true' WHERE attribute_name = 'requiresPasswordChange' AND directory_id = <INSERT DIRECTORY ID> AND user_id IN ( SELECT u.id FROM cwd_membership m JOIN cwd_group g ON m.parent_id = g.id JOIN cwd_user u ON m.child_id = u.id WHERE g.group_name = '<INSERT GROUP NAME>' );

4. Once the SQL is executed, users will be prompt to change their password via the Crowd Console

ℹ️ Note: This solution only applies to users in the Crowd Internal Directory who log into Crowd. This solution does not apply to users who are part of an external directory or to any user synchronized to a client application of Crowd.