How to check user must change password at next logon flag via PowerShell

I have been trying to report all user accounts that have the "user must change password at next logon" flag set. My question is: how do I set it as `user must change password at next logon` instead of `1/1/1601 2:00:00 AM` in the CSV output? So I just want to set this for users who still have the box checked for “user must change password at next login” in Active Directory.

<pre>Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed", "Title", "manager", "department", "employeeid" |
    Select-Object -Property "Displayname",
        @{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}},
        "Title",
        @{n="Manager Name";e={(Get-ADUser -Identity $_.Manager -Properties displayname).DisplayName}},
        "Department","employeeid" |
    Sort-Object -Property ExpiryDate |
    Export-Csv -Path "c:\export\expirydatenew.csv" -NoTypeInformation -Encoding UTF8</pre>

I don’t think there is one particular flag you can trigger. It’s either expired or not, which you can check by the expiry date. You can use the Set-ADUser boolean [-ChangePasswordAtLogon] to set the flag.

get-help set-aduser
https://technet.microsoft.com/en-us/library/ee617215.aspx

Are you asking how to set it or how to retrieve it? If the property pwdlastset is equal to 0, then "user must change password" is true.

Hi Everyone,

CSV output at this time (1/1/1601 2:00:00 AM for users who have the box checked for “user must change password at next login” in Active Directory):

<pre>"Displayname","ExpiryDate","Title","Manager Name","Department","employeeid"
,
,
"user1","1/1/1601 2:00:00 AM",
"user2","1/1/1601 2:00:00 AM",</pre>

I want to get CSV output like below:

<pre>"Displayname","ExpiryDate","Title","Manager Name","Department","employeeid"
,
,
"user1","User must change password",
"user2","User must change password",</pre>

I have tried something but no luck.

@{Name="User must change password";Expression={if($_.pwdLastSet -eq 0){"true"} else {"false"}}}

You need to reconstruct the Expression for the ExpiryDate field:
<pre>@{Name="ExpiryDate";Expression={ if ($_."msDS-UserPasswordExpiryTimeComputed" -eq 0) { 'User must change password' } else { [datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") } } }</pre>

Get-ADUser already has a calculated field, PasswordLastSet. It will be null if the password is set to change at next logon. You can either leave it null or test and put in your own description. I usually substitute “(Never)” for reports to non-technical users.
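
The approaches discussed in this thread, combined into one report expression, as an added example that is not part of any reply above. The function name `ConvertTo-PasswordExpiryText` and the sample rows are assumptions made for illustration; the sample objects are constructed and stand in for `Get-ADUser` output so the logic can be checked without a domain.

```powershell
function ConvertTo-PasswordExpiryText {
    # Hypothetical helper: turns the raw FILETIME attributes into report text.
    param(
        [AllowNull()] $PwdLastSet,          # raw pwdLastSet attribute
        [AllowNull()] $ExpiryTimeComputed   # raw msDS-UserPasswordExpiryTimeComputed
    )
    # pwdLastSet of 0 (or missing) is the "must change at next logon" state.
    if ([long]$PwdLastSet -eq 0) { return 'User must change password' }

    $expiry = [long]$ExpiryTimeComputed
    # The computed expiry is also 0 when pwdLastSet is 0; FromFileTime(0) is
    # what produced the 1/1/1601 value in the original CSV.
    if ($expiry -eq 0) { return 'User must change password' }
    # 0x7FFFFFFFFFFFFFFF means the password does not expire, and
    # [datetime]::FromFileTime throws on it, so handle it before converting.
    if ($expiry -eq [long]::MaxValue) { return 'Never expires' }

    # ISO-style text keeps the column sortable as a string in the CSV.
    return [datetime]::FromFileTime($expiry).ToString('yyyy-MM-dd HH:mm')
}

# Constructed sample rows (not real accounts) covering the three cases.
$sample = @(
    [pscustomobject]@{ DisplayName = 'user1'; pwdLastSet = 0
                       'msDS-UserPasswordExpiryTimeComputed' = 0 }
    [pscustomobject]@{ DisplayName = 'user2'; pwdLastSet = 133500000000000000
                       'msDS-UserPasswordExpiryTimeComputed' = 133536288000000000 }
    [pscustomobject]@{ DisplayName = 'user3'; pwdLastSet = 133500000000000000
                       'msDS-UserPasswordExpiryTimeComputed' = 9223372036854775807 }
)

# Against a domain, replace $sample with:
#   Get-ADUser -Filter {Enabled -eq $True} -Properties DisplayName, pwdLastSet,
#       'msDS-UserPasswordExpiryTimeComputed'
$sample |
    Select-Object -Property DisplayName,
        @{ Name = 'ExpiryDate'; Expression = {
            ConvertTo-PasswordExpiryText -PwdLastSet $_.pwdLastSet `
                -ExpiryTimeComputed $_.'msDS-UserPasswordExpiryTimeComputed' } } |
    Sort-Object -Property DisplayName |
    Format-Table -AutoSize
```

Swap `Format-Table -AutoSize` for the `Export-Csv` call from the question to write the same columns to a file.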