PowerShell: Force password change of users in an OU

The following script allows you to force the password change at the next logon.


# Removing the password not expiring
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -PasswordNeverExpires $False
# Removed the impossibility to change the password
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -CannotChangePassword $False
# We force the change
Get-ADUser -Filter * -SearchBase "OU=USERS_TEST,DC=lab,DC=intra" | Set-ADUser -ChangePasswordAtLogon $True

Tip: Run the script at night, if the password date has expired, users will have to make the change as soon as the script runs.


Related Posts

Setting up a read-only domain controller – RODC
Introduction In this article, we are going to have how to set up a read-only domain controller (RODC). This type of controller, as the name suggests, is read-only, so it can not change user attributes or even add objects. There are several implementa

Active Directory : increase the functional level of the domain and the forest
Presentation The functional level of the domain and forest corresponds to the "version" of your Active Directory environment and allows access to more or fewer features depending on the level of each. Mainly this level change occurs when upgrading to

MDT: Running a PowerShell Script During a Deployment
In this article, I explain how to run a PowerShell script (ps1 file) during a deployment with MDT. Copy the ps1 << 1 >> file to the Scripts folder in the folder. Open the properties of the sequence and add a task of type Run Command Line