Active Directory Password Expiration

This topic contains 3 replies, has 4 voices, and was last updated by  Anonymous 11 months, 3 weeks ago.

  • Author
  • #75970

    leonard hamilton

    Attempting to write a script that automatically forces all users to change their passwords upon next login and then reflect password expiration True. My attempts have been in vain so far.

  • #75977

    Olaf Soyk

    Leonard, that is not a free script shop here. If you have a specific question to a sript you wrote or to some errors you get you can post this here and we will be pleased to try to help you but we do not write scripts on request.
    If you're looking for prewritten script you could search the Microsoft Technet Script Center or the Powershellgallery. I'm pretty sure there will be something you could adapt to your special needs.

  • #76003

    Simon B

    you could probably use something like this:-

    import-Module ActiveDirectory
    'Searchbase' = 'OU=Users,DC=example,DC=com'
    'Filter' = '*'
    'Properties' = 'cn','sn','givenname','displayName','mail','description','UserPrincipalName', 'employeeNumber', 'profilepath', 'title'
    $ADUsers = Get-ADUser @ADUserParams
    ForEach ($ADUser in $ADUsers) {
    $ADUser = Get-ADUser $ADUser -properties pwdlastset, ChangePasswordAtLogon
    $ADUser.pwdlastset = 0
    Set-ADUser -Instance $ADUser
    $ADUser.pwdlastset = -1
    Set-ADUser -instance $ADUser
    set-aduser $ADUser -ChangePasswordAtLogon $True

    or a 1 liner to make everyong change passwords on next logon

    get-aduser -Filter * -SearchBase "OU=Users,DC=example,DC=com" | set-aduser -ChangePasswordAtLogon $True

    The help desk will love you for this.... Not 🙂

  • #76052


    You can use this script:

    dsquery user "OU=Sales,OU=New York,dc=internal,dc=AcmeCorp,dc=com" | dsmod user -pwd ChangeThisNow! -mustchpwd yes -u Admin -p APassword

    Please checkout thew following articles to get password expiration notification.

You must be logged in to reply to this topic.