PowerShell: Force password change of users in an OU

The following script allows you to force the password change at the next logon.

 

# Removing the password not expiring
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -PasswordNeverExpires $False
# Removed the impossibility to change the password
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -CannotChangePassword $False
# We force the change
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -ChangePasswordAtLogon $True

Tip: Run the script at night, if the password date has expired, users will have to make the change as soon as the script runs.

 



Related Posts


Join a computer to an Active Directory domain

To join a computer to a domain you have several possibilities: By graphical interface Command Line (CMD, PowerShell) Prerequisites be an administrator on the local workstation. have an account on the

Active Directory: Migrate SYSVOL Folder from FRS to DFSR

Presentation Since Windows Server 2008 and its 2008 domain functional level, replication of the SYSVOL folder is supported by DFSR, before it was done by FRS. If your domain controllers are running Wi

Network share: enable enumeration based on access EBA

Introduction The access-based enumeration allows to display in a network share, only folders and files whose use has at least a right of reading. Other documents and folders will be hidden. Enabling t