PowerShell: Force password change of users in an OU

The following script allows you to force the password change at the next logon.

# Removing the password not expiring
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -PasswordNeverExpires $False
# Removed the impossibility to change the password
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -CannotChangePassword $False
# We force the change
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -ChangePasswordAtLogon $True

Tip: Run the script at night, if the password date has expired, users will have to make the change as soon as the script runs.

Romain Drouche

System Architect | MCSE: Core Infrastructure

IT infrastructure expert with over 15 years of field experience. Currently a Systems and Networks Project Manager and Information Systems Security (ISS) expert, I use my expertise to ensure the reliability and security of technological environments.

2 thoughts on “PowerShell: Force password change of users in an OU”

Stefanos Constantinou
20 February 2024 at 11 11 27 02272
hi,
amazing.
how about adding “-recurse” parameter to get child OUs out of a parent OU?
Stefanos
Reply
- Romain
  21 February 2024 at 15 03 04 02042
  Hi,
  The command is already recursive
  Romain
  Reply

📚 Articles similaires

2 thoughts on “PowerShell: Force password change of users in an OU”

Leave a Comment Cancel reply