Powershell – How to set AD password to expired / to be changed with PowerShell

active-directorypassword-resetpowershell

I need to reset a whole load of user passwords and then set them as expired or "User must change password on next login"
The password is easy to change with SetADAccountPassword.

Looking at the SetADAccountControl cmdlet instructions suggests there is a "PasswordExpired" parameter in the description, but there is no mention of that parameter in the rest of the text. If I try it, it doesn't exist.

Ideally I'm hoping for a fairly simple, Powershell command to do it! I don't have any other scripting language on the server.

Thanks.

Best Answer

Get-ADUser -Identity $name | Set-ADUser -ChangePasswordAtLogon:$true

Should do the trick.

Related Solutions

Powershell 2: Add multiple members to distribution group with one call

I'm not sure why you don't want to use a loop construct; that's kinda one of the major features of PS. A simple:

Import-CSV FileName.csv | ForEach {Add-DistributionGroupMember -Identity "GROUP-NAME" -Member $_.Name}

would easily do the trick. Failing that, though, there's no cmdlet to do exactly what you want. You could do a

Remove-DistributionGroup GROUP-NAME; New-DistributionGroup -Name GROUP-NAME -Members memberlist

but that's a little cheesy.

Powershell – Delegate permissions to Admins for Password reset and “Change password on next logon” in AD

There is a bug in Server 2003 that causes this to happen. The a MS KB article that fixes exactly the problem you are describing. If you have already obtained the relevant service pack, then perhaps @EvanAnderson's answer would help you out.

http://support.microsoft.com/kb/832481

Best Answer

Related Solutions

Powershell 2: Add multiple members to distribution group with one call

Powershell – Delegate permissions to Admins for Password reset and “Change password on next logon” in AD

Related Topic