The following script allows you to force the password change at the next logon.
# Removing the password not expiring
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -PasswordNeverExpires $False
# Removed the impossibility to change the password
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -CannotChangePassword $False
# We force the change
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -ChangePasswordAtLogon $True
Tip: Run the script at night, if the password date has expired, users will have to make the change as soon as the script runs.
hi,
amazing.
how about adding “-recurse” parameter to get child OUs out of a parent OU?
Stefanos
Hi,
The command is already recursive
Romain