ok, found something. the switch is $UserObj.PasswordExpired = 1
(thanks radimus)

this way, they could actually use adsi for this:
code:
$adsUser = GetObject("LDAP://cn=UserName,ou=someou,ou=myusers,dc=rz,dc=mydomain,dc=de")
if @ERROR<>0
	? @SERROR + " (" + @ERROR + ")" shell "%comspec% /c pause"
	exit 1
endif
$adsUser.PasswordExpired = 1
$adsUser.SetInfo
$adsUser.SetPassword($password)
there is some user query/set script in this post (where I got most of this script too [Big Grin] ):
http://81.17.37.55/board/ultimatebb.php?ubb=get_topic;f=13;t=000213#000007

so, all you need to do, is to get the info from the helpdesk user.

like:
code:
"what users properties should be changed? ->"
gets $username
?
"executing..."
hope this helps
_________________________
!

download KiXnet