How to check user must change password at next logon flag via Powershell


This topic contains 5 replies, has 5 voices, and was last updated by Ron (Participant) 2 years, 2 months ago.

  • #55406

    Participant
    Points: 0
    Rank: Member

    I have been trying to report all user accounts that have the "user must change password at next logon" flag set. My question is: how do I set `user must change password at next logon` instead of `1/1/1601 2:00:00 AM` in the CSV output? I just want to flag users who still have the box checked for "user must change password at next login" in Active Directory.

    Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed", "Title", "manager", "department", "employeeid" |
        Select-Object -Property "Displayname", @{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}, "Title",
            @{n="Manager Name";e={(Get-ADuser -identity $_.Manager -properties displayname).DisplayName}}, "Department", "employeeid" |
        Sort-Object -Property ExpiryDate |
        Export-Csv -Path "c:\export\expirydatenew.csv" -NoTypeInformation -Encoding UTF8
  • #55418

    Participant
    Points: 1
    Rank: Member

    I don't think there is one particular flag you can trigger. It's either expired or not, which you can check by the expiry date. You can use the Set-ADUser boolean [-ChangePasswordAtLogon] to set the flag.

    get-help set-aduser
    https://technet.microsoft.com/en-us/library/ee617215.aspx

  • #55424

    Participant
    Points: 21
    Rank: Member

    Are you asking how to set it or how to retrieve it? If the property pwdLastSet is equal to 0, then "user must change password" is true.

  • #55435

    Participant
    Points: 0
    Rank: Member

    Hi Everyone,

    CSV output at this time (1/1/1601 2:00:00 AM for users who have the box checked for "user must change password at next login" in Active Directory):

    "Displayname","ExpiryDate","Title","Manager Name","Department","employeeid"
    ,,,,,
    ,,,,,
    "user1","1/1/1601 2:00:00 AM",,,,
    "user2","1/1/1601 2:00:00 AM",,,,

    I want to get CSV output like below:

    "Displayname","ExpiryDate","Title","Manager Name","Department","employeeid"
    ,,,,,
    ,,,,,
    "user1","User must change password",,,,
    "user2","User must change password",,,,

    I have tried something but no luck.

    @{Name="User must change password";Expression={if($_.pwdLastSet -eq 0){"true"} else {"false"}}}
  • #55544

    Participant
    Points: 0
    Rank: Member

    You need to reconstruct the Expression for the ExpiryDate field:
    @{Name="ExpiryDate";Expression={ if ($_."msDS-UserPasswordExpiryTimeComputed" -eq 0) { 'User must change password' } else { [datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") } } }

  • #55868
    Ron

    Participant
    Points: 2
    Rank: Member

    Get-ADUser already has a calculated field, PasswordLastSet. It will be null if the password is set to change at next logon. You can either leave it null or test and put in your own description. I usually substitute "(Never)" for reports to non-technical users.
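
The checks suggested in the replies above, combined into one report function; this is an added example, not code posted in the thread. The function name `ConvertTo-ExpiryReportRow`, the label `Password does not expire` and the sample accounts are assumptions made for illustration. `pwdLastSet` has to be listed in `-Properties` for the test on it to see a value.

```powershell
# Added example; the sample accounts below are constructed, not real directory data.
function ConvertTo-ExpiryReportRow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $raw = $User.'msDS-UserPasswordExpiryTimeComputed'
        $expiry = if ($User.pwdLastSet -eq 0 -or $raw -eq 0) {
            # pwdLastSet = 0 is what the "must change password at next logon" box stores;
            # the computed expiry is 0 as well, which FromFileTime() renders as a 1601 date.
            'User must change password'
        } elseif ($null -eq $raw) {
            ''   # attribute was not returned for this object
        } elseif ($raw -eq [long]::MaxValue) {
            # Non-expiring password: FromFileTime() throws on this value.
            'Password does not expire'
        } else {
            [datetime]::FromFileTime($raw)
        }
        [pscustomobject]@{
            DisplayName = $User.DisplayName
            ExpiryDate  = $expiry
        }
    }
}

# Constructed input standing in for Get-ADUser output.
$sample = @(
    [pscustomobject]@{ DisplayName = 'user1'; pwdLastSet = 0L
                       'msDS-UserPasswordExpiryTimeComputed' = 0L }
    [pscustomobject]@{ DisplayName = 'user2'
                       pwdLastSet = ([datetime]'2023-12-01').ToFileTime()
                       'msDS-UserPasswordExpiryTimeComputed' = ([datetime]'2024-03-01').ToFileTime() }
    [pscustomobject]@{ DisplayName = 'user3'
                       pwdLastSet = ([datetime]'2023-12-01').ToFileTime()
                       'msDS-UserPasswordExpiryTimeComputed' = [long]::MaxValue }
)
$sample | ConvertTo-ExpiryReportRow | Sort-Object DisplayName

# Against a directory (requires the ActiveDirectory module):
# Get-ADUser -Filter {Enabled -eq $True} `
#     -Properties DisplayName, pwdLastSet, 'msDS-UserPasswordExpiryTimeComputed' |
#     ConvertTo-ExpiryReportRow | Export-Csv -Path .\expiry.csv -NoTypeInformation -Encoding UTF8
```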
