Powershell – New-ADuser force to change password at next logon

active-directorypowershellwindows-server-2012-r2

I want to use Powershell New-ADuser to add new user in that, new user must have change password at first time logon. I find the attribute "-ChangePasswordAtLogon" but when I use it, new user still not enable option change password at first time login.

New-ADUser -Name "Nguyen Van Nam" -GivenName "Nguyen Van" -Surname Nam -SamAccountName namnv -UserPrincipalName namnv@queencenter.local -ChangePasswordAtLogon 1 -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -PassThru | Enable-ADAccount

Best Answer

We had to do this recently for all our users. Essentially something like:

$myUser = Get-ADUser [your filter or search parameters; embed in a foreach if you need to]
$myUser.pwdLastSet = 0
Set-ADUser -Instance $myUser

This will do the trick.

Related Solutions

Powershell – how to set multiple action on get-aduser “dataset”

Your pipeline doesn't work the way you expect it does.

$UserList=Get-ADUSER -Filter * -SearchScope Subtree -SearchBase "OU=myou,OU=otherou,DC=mydc,DC=local"
foreach ($User in $UserList) {
    Set-ADAccountPassword $User -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassord" -Force
    Enable-ADAccount $User
    Set-ADUSER $user -ChangePasswordAtLogon $true
}

Pipelines aren't good for multiple actions on the same object. They only work if each command in the pipeline forwards the same object as the initial object. For that, iterating through a loop makes a lot more sense.

Powershell – Delegate permissions to Admins for Password reset and “Change password on next logon” in AD

There is a bug in Server 2003 that causes this to happen. The a MS KB article that fixes exactly the problem you are describing. If you have already obtained the relevant service pack, then perhaps @EvanAnderson's answer would help you out.

http://support.microsoft.com/kb/832481

Best Answer

Related Solutions

Powershell – how to set multiple action on get-aduser “dataset”

Powershell – Delegate permissions to Admins for Password reset and “Change password on next logon” in AD

Related Topic