Active Directory Password Expiration

Attempting to write a script that automatically forces all users to change their passwords upon next login and then reflect password expiration True. My attempts have been in vain so far.

Leonard, that is not a free script shop here. If you have a specific question to a sript you wrote or to some errors you get you can post this here and we will be pleased to try to help you but we do not write scripts on request.
If you’re looking for prewritten script you could search the Microsoft Technet Script Center or the Powershellgallery. I’m pretty sure there will be something you could adapt to your special needs.

you could probably use something like this:-

import-Module ActiveDirectory
‘Searchbase’ = ‘OU=Users,DC=example,DC=com’
‘Filter’ = ‘*’
‘Properties’ = ‘cn’,‘sn’,‘givenname’,‘displayName’,‘mail’,‘description’,‘UserPrincipalName’, ‘employeeNumber’, ‘profilepath’, ‘title’
$ADUsers = Get-ADUser @ADUserParams
ForEach ($ADUser in $ADUsers) {
$ADUser = Get-ADUser $ADUser -properties pwdlastset, ChangePasswordAtLogon
$ADUser.pwdlastset = 0
Set-ADUser -Instance $ADUser
$ADUser.pwdlastset = -1
Set-ADUser -instance $ADUser
set-aduser $ADUser -ChangePasswordAtLogon $True

or a 1 liner to make everyong change passwords on next logon

get-aduser -Filter * -SearchBase “OU=Users,DC=example,DC=com” | set-aduser -ChangePasswordAtLogon $True

The help desk will love you for this… Not :slight_smile:

You can use this script:

dsquery user “OU=Sales,OU=New York,dc=internal,dc=AcmeCorp,dc=com” | dsmod user -pwd ChangeThisNow! -mustchpwd yes -u Admin -p APassword

Please checkout thew following articles to get password expiration notification.