Hello, this is my first post on this forum. I searched through the forums and didn’t see a match to this topic but apologize if there is.
Due to the recent well known security bug we would like to expire users passwords that have used their credentials on sites that had the vulnerability. Forcing users to change their password on next logon is a possibility but not optimal. Group policy has the capability to set password policies but can a fine grained password policy be used on users that don’t share an group? Is it possible to grab a subset of AD users and change their password change date (expiration date) via PowerShell? pwdLastSet seems like it can be modified but not in a way to pick a date a user would need to change their password.
So this would be a subset of AD users that don’t share a unique AD group but need to change their password in the near future.
Thanks for any assistance.