PowerShell: Active Directory – Set Change Password at Logon for all Users

When you have an OU full of users who need to be forced to change their password at logon, your first option may instinctively be the GUI – Active Directory Users and Computers. This may seem a lot easier than PowerShell, as you only need to highlight all the users, select Properties and set the checkbox, and there you have it.

However, if you need to reverse the situation, you are not able to use the same procedure to select the checkbox for all users. This is where PowerShell saves the day. Here are the steps you need to take:

First things first, launch a PowerShell window with the Active Directory module.

Next, we need to get a list of Active Directory users that match our parameters. For this we will use the Get-ADUser cmdlet with a filter for all users in the OU called Users in my domain.

Get-ADUser -Filter * -SearchBase "OU=Users,DC=justinfra,DC=co,DC=uk"

The next step is to use the | (pipe key) to pipe the results from that search and set the properties for each user account. A quick reference from the TechNet Library for the Set-ADUser cmdlet will list -ChangePasswordAtLogon as an available parameter. So we need to use a ForEach-Object command to set this property on each account. Here is the full PowerShell command:

Get-ADUser -Filter * -SearchBase "OU=Users,DC=justinfrastructure,DC=co,DC=uk" | ForEach-Object { Set-ADUser $_.SamAccountName -ChangePasswordAtLogon $false }
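
A dry-run variant of the command above, added here as an example and not part of the original post: it reports each account's current state, skips accounts the change cannot apply to, and uses -WhatIf before anything is written. It assumes the same OU as the post; $MustChange, $report and the Action labels are names chosen for this example.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Assumptions: the OU from the post; $MustChange is a name chosen for this example.
$SearchBase = 'OU=Users,DC=justinfrastructure,DC=co,DC=uk'
$MustChange = $false   # $false clears the flag (as in the post), $true sets it

# AD stores "must change password at next logon" as pwdLastSet = 0.
# Note: -Filter * with the default Subtree scope also returns disabled and
# service accounts in the OU and its child OUs, so review the report first.
$users = Get-ADUser -Filter * -SearchBase $SearchBase `
    -Properties pwdLastSet, PasswordNeverExpires

$report = foreach ($u in $users) {
    $current = ($u.pwdLastSet -eq 0)
    if ($current -eq $MustChange) {
        $action = 'NoChange'
    } elseif ($MustChange -and $u.PasswordNeverExpires) {
        # The Set-ADUser documentation says -ChangePasswordAtLogon cannot be
        # $true for an account that has PasswordNeverExpires set.
        $action = 'Skip-PasswordNeverExpires'
    } else {
        $action = 'Update'
    }
    [pscustomobject]@{
        SamAccountName       = $u.SamAccountName
        Enabled              = $u.Enabled
        MustChangeNow        = $current
        PasswordNeverExpires = $u.PasswordNeverExpires
        Action               = $action
        DistinguishedName    = $u.DistinguishedName
    }
}

# Review what would happen before touching any account.
$report | Sort-Object Action, SamAccountName |
    Format-Table SamAccountName, Enabled, MustChangeNow, PasswordNeverExpires, Action

# Dry run: -WhatIf prints each change without applying it. Remove -WhatIf to commit.
$report | Where-Object Action -eq 'Update' | ForEach-Object {
    Set-ADUser -Identity $_.DistinguishedName -ChangePasswordAtLogon $MustChange -WhatIf
}

# After a real run, confirm the result from the directory rather than assuming it.
Get-ADUser -Filter * -SearchBase $SearchBase -Properties pwdLastSet |
    Select-Object SamAccountName, @{ n = 'MustChange'; e = { $_.pwdLastSet -eq 0 } }
```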