force password change for all members of specific ORG

[raydlevel5]

How do I efficiently force a password change for THOUSANDS of accounts (220,000 or so)? Previously, I used PowerShell and CSV files.... I had 4 tasks running that called 10 gam.exe processes each (per task) through PowerShell.  It worked, but it got really messy.  It chewed up a lot of memory.

I need a better, more efficient way to reset passwords.  I'm trying to learn C# and ASP.net, and was going to play with the Google API libraries, but I'm on a time crunch.

Can I force a password change for all users of a specific ORG?

Can I force a password change for all users, while skipping specified users?

Can I get a report that confirms changes were made?

What do I read, or where do I go from here.  Your advice and guidance is appreciated.

[Brandon U.]

How many in the thousands? Why not just leave a script running over night?

[raydlevel5]

Approximately 220,000 to 240,000.  The script I wrote couldn't handle it well.

[Brandon U.]

Okay. Did you try to do a print of users and their OU's then filter out the ones you don't want to change, then feed it as a CSV to a script?

[raydlevel5]

Yeah...It was quick and dirty: I had about 4 csv files, each containing around 50,000 users.  There were 4 PowerShell scripts running as tasks on Win Server 2008.  Each task queued up 10 GAM.exe processes to force a password change.  When one gam.exe process ended, another was queued.  So, for any particular moment, there were theoretically 40 gam.exe processes running at once (40 accounts at a time).

Anyway, it was fast at first, but then it got really slow.  I don't know if I was chewing up to much memory on my server, or if I was reaching some quota limit on the Google servers.

We are investigating other options, including manual HTTP POST requests, and C#/ASP.net.

If there's not a better way, I'd like to see if DITO/Gam.exe can code this as a feature....