Google-apps-script – Force users to update password every 3 months for Google apps


I manage a domain and I want to force all users to change their password every 3 months.

Is there a way to do this?

Best Answer

Provision API has gone the way of the Dodo and now you have to rewrite your script and add some extra security approvals along the way.

I finally got the info after a whole bunch of searching, after my script failed today, from here: http://thegapps.com/7/how-can-i-force-my-users-to-reset-the-password?show=8#a8

Below is a summary (without the pretty pictures) for posterity.... along with my final code (with other additional enhancements I found I needed):

Start Excerpt from thegapps.com -=-

There is a Google Script that is quite small; it can serve as a program for changing the password every 3 months. The requirements are:

1) First with your super admin account open https://script.google.com and copy the code below and change the domain-name.com to your domain name account.

2) Please Change the Name, for example: Change Password

3) Click on 'Resources' and 'Advanced Google Services'
** Turn on Admin Directory API
** Click on 'Google Developers Console'
** Once you are in the Developers Console, search for 'SDK' and click on Admin SDK > then click on 'Enable API'
** Go back to Google Script for the last step

4) Click on 'Resources' > click on 'Current project's triggers' > and then 'Click here to add one now'

-=-

End Excerpt from thegapps.com

You can then specify an automated time for it to kick off using the trigger.

(NOTE: you have to do all the special stuff above to approve security to run this... oh, and remember to change example.com to your domain!! duh)

This is my final solution code below, which updates Waqar Ahmad's script using the info above (which sends an email confirmation to remind you the script fired): it includes a fix for more than 100 users and has the ability to exempt a specific user from the global change:

function ForceChangePasswordAtNextLogin() {
  // Create logs
  Logger.log('Execution started');
  Logger.log('Following users forced to change password on next login');
  Logger.log('--------------------------------------------------------');

  var mailSent = false;

  try {
    // Get all users in the domain -- results are paginated, so nextPageToken is used to fetch each page
    var pageToken, page;
    do { // iterate over each page
      page = AdminDirectory.Users.list({
        domain: 'example.com',
        orderBy: 'givenName',
        pageToken: pageToken
      });
      // A page with no users has no "users" property, so fall back to an empty list
      var users = page.users || [];
      // Process only the users on this page before moving to the next page and repeating
      for (var i = 0; i < users.length; i++) {
        if (users[i].primaryEmail == 'exemptuser@example.com') { // this user is exempt from the password change
          // Put the email of the exempt user in the log, marked with '*'
          Logger.log('*' + users[i].primaryEmail);
        } else {
          // Set the user to change password on next login
          users[i].changePasswordAtNextLogin = true;
          AdminDirectory.Users.update(users[i], users[i].primaryEmail);
          // Put the email of the user in the log
          Logger.log(users[i].primaryEmail);
        }
      }
      pageToken = page.nextPageToken;
    } while (pageToken);
  }
  // Catch any error that occurs
  catch (e) {
    // Log the error
    Logger.log('--------------------------------------------------------');
    Logger.log('Error occurred: ' + e.message);
    // Send an email to yourself with the logs
    GmailApp.sendEmail(Session.getEffectiveUser().getEmail(), 'Log for User Pass Change Script : Error occurred', Logger.getLog());
    mailSent = true;
  }

  if (!mailSent) {
    // Execution was successful
    Logger.log('--------------------------------------------------------');
    Logger.log('Execution ended. Script completed successfully');
    // Send an email to yourself with the logs
    GmailApp.sendEmail(Session.getEffectiveUser().getEmail(), 'Log for User Pass Change Script: Successful', Logger.getLog());
  }
}
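
A dry-run counterpart to the script above, as an added example that is not part of the original answer or of the thegapps.com excerpt: it pages through the same list call and reports which accounts would be flagged, without changing anything. The names planForcedReset, stubListUsers and demoPlan and the sample accounts are made up for illustration, and skipping suspended or already-flagged users is an assumption about the policy you want.

```javascript
// Added example: dry-run planner for the forced password change.
// listUsers is injected so the same code runs offline against a stub.
function planForcedReset(listUsers, domain, exemptEmails) {
  var exempt = Object.create(null);
  exemptEmails.forEach(function (e) { exempt[e.toLowerCase()] = true; });
  var plan = { flag: [], skipped: [] };
  var pageToken;
  do {
    var page = listUsers({ domain: domain, orderBy: 'givenName', pageToken: pageToken });
    var users = page.users || []; // a page without users has no "users" key
    users.forEach(function (u) {
      var email = u.primaryEmail.toLowerCase(); // compare case-insensitively
      if (exempt[email]) {
        plan.skipped.push({ email: email, reason: 'exempt' });
      } else if (u.suspended) {
        // Assumption: suspended accounts cannot sign in, so leave them alone.
        plan.skipped.push({ email: email, reason: 'suspended' });
      } else if (u.changePasswordAtNextLogin) {
        // Already flagged: no need for another write.
        plan.skipped.push({ email: email, reason: 'already flagged' });
      } else {
        plan.flag.push(email);
      }
    });
    pageToken = page.nextPageToken;
  } while (pageToken);
  return plan;
}

// Constructed sample data standing in for two pages of Users.list output.
var SAMPLE_PAGES = {
  first: { users: [
    { primaryEmail: 'alice@example.com' },
    { primaryEmail: 'ExemptUser@example.com' }
  ], nextPageToken: 'p2' },
  p2: { users: [
    { primaryEmail: 'bob@example.com', suspended: true },
    { primaryEmail: 'carol@example.com', changePasswordAtNextLogin: true },
    { primaryEmail: 'dave@example.com' }
  ] }
};

// Hypothetical stub: returns a constructed page instead of calling the API.
function stubListUsers(options) {
  return SAMPLE_PAGES[options.pageToken || 'first'];
}

function demoPlan() {
  return planForcedReset(stubListUsers, 'example.com', ['exemptuser@example.com']);
}
```

In Apps Script, pass `function (o) { return AdminDirectory.Users.list(o); }` as the first argument and log the returned plan to preview the real domain before enabling the trigger.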