Trying to reset password for all users in OU

I am having issues getting this to run correctly. Could anyone point me in the right direction?

$stu = Get-ADUser -Filter * -SearchBase "ou=elementary,ou=students,dc=test,dc=net"   -Server

Set-ADAccountPassword -Identity $stu -Server -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "password" -Force) -WhatIf

When I run this I get an error:

Set-ADAccountPassword : Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADAccount' required by parameter 'Identity'. Specified method is not supported.

So, as a note, we don’t use backticks to denote code. Instructions for code formatting are listed above the posting text box.

Get-ADUser is returning an array of objects, which is why you’re seeing [object]. The -Identity parameter of Set-ADAccountPassword accepts only a single value, not an array. You can’t, in other words, do what you’re trying - bulk-change passwords. You have to do them one at a time, such as using a ForEach-Object command. The idea being:

Get-ADUser | ForEach-Object { Set-ADAccountPassword -Identity $_ }

Hi Michael,

Have you had a look to see how many objects are being returned by the Get-ADUser? Judging by the reference in the error to an object array, I think it’s likely that you’ve received more than one, at which point $stu will become an array of (AD account) objects.

If you find thats the case, then you could either try using the pipeline, or a foreach loop to reset the individual account’s passwords.


ForEach ($user in $stu) {
Set-ADAccountPassword -Identity $user -Server -Reset `
-NewPassword (ConvertTo-SecureString -AsPlainText “password” -Force) -WhatIf

Thank you, adding foreach solved the issue.

*Original Code has been edited, thanks Don.