Hi,
Do you guys know of a PowerShell script that would force users to change their password immediately on their first login to an account or after a password reset to a
Script to forced to change user password immediat
Just set the account flag that says change password on next login and the system will handle the rest for you.
This is done easily by selecting all users in the ADUC GUI and right-click and change the checkbox on the account tag.
So far this is already working; however, I can't seem to think of a way that would disable the account if the pwd is not changed within 1 day.
```powershell
$root = [ADSI]''
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
# Enabled user accounts only: the bitwise-AND matching rule excludes userAccountControl bit 2 (account disabled)
$searcher.filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
$searcher.sizelimit = 5000
[Void]$searcher.PropertiesToLoad.Add("cn")
[Void]$searcher.PropertiesToLoad.Add("samAccountName")
[Void]$searcher.PropertiesToLoad.Add("pwdLastSet")

$users = $searcher.FindAll()

$UserOU = "OU=MyOU,DC=MY,DC=Domain,DC=net"
$PWDays = (Get-Date).AddDays(-1)

$UserCount = 0
$UserPW = 0

foreach ($user in $users) {
    if ($user.path -like "*$UserOU") {
        $UserCount = $UserCount + 1
        # Count the passwords not changed in more than $PWDays
        if ([datetime]::FromFileTime(($user.properties.pwdlastset)[0]) -le $PWDays) {
            $UserPW = $UserPW + 1
            Write-Host $user.Properties.cn
        }
    }
}

# Output
Write-Host ""
Write-Host "------------------------------------------------------------------"
Write-Host "Total User accounts: " $UserCount
Write-Host "Users with passwords not changed in 1 days: " $UserPW
Write-Host "------------------------------------------------------------------"
Write-Host ""
```
You would likely need to log the account names you change here and then use a separate script to run through the log checking the password age for each account. If it is greater than some threshold, like the time interval since you last ran the original script, then disable the account. I might even go so far as to create a CSV file with this script to capture the account name, the time you flagged the password and anything else you might need. Then in your follow-up script, import this CSV and use the object properties, like time last set, to decide what to do.
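The follow-up check described in the last reply, as an added example that is not part of the original thread: it reads the CSV of flagged accounts and decides which ones never changed their password within the grace period. The function name `Get-OverdueAccount`, the CSV columns `SamAccountName` and `FlaggedAt`, and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example (hypothetical names). Decides which flagged accounts are overdue.
function Get-OverdueAccount {
    param(
        [Parameter(Mandatory)] [object[]]  $Flagged,     # CSV rows: SamAccountName, FlaggedAt
        [Parameter(Mandatory)] [hashtable] $PwdLastSet,  # samAccountName -> raw pwdLastSet (FILETIME)
        [timespan] $Grace = [timespan]::FromDays(1),
        [datetime] $Now   = (Get-Date)
    )
    foreach ($row in $Flagged) {
        $flaggedAt = [datetime]$row.FlaggedAt
        $raw       = [int64]$PwdLastSet[$row.SamAccountName]

        # pwdLastSet = 0 means "must change at next logon" is still pending.
        # A timestamp later than the flag time means the user has set a new password.
        $changed = ($raw -ne 0) -and
                   ([datetime]::FromFileTimeUtc($raw) -gt $flaggedAt.ToUniversalTime())

        if (-not $changed -and ($Now - $flaggedAt) -gt $Grace) {
            $row.SamAccountName
        }
    }
}

# Constructed sample data: what the first script would have logged.
$flagged = @'
SamAccountName,FlaggedAt
alice,2024-01-10T09:00:00Z
bob,2024-01-10T09:00:00Z
carol,2024-01-11T18:00:00Z
'@ | ConvertFrom-Csv

# Constructed directory state: alice changed her password, bob and carol did not.
$directory = @{
    alice = ([datetime]'2024-01-10T15:00:00Z').ToFileTimeUtc()
    bob   = 0
    carol = 0
}

$overdue = Get-OverdueAccount -Flagged $flagged -PwdLastSet $directory `
                              -Now ([datetime]'2024-01-12T09:00:00Z')
$overdue | ForEach-Object { Write-Host "Would disable: $_" }

# In a domain with the ActiveDirectory module, fill the hashtable from
#   (Get-ADUser $name -Properties pwdLastSet).pwdLastSet
# and pipe each overdue name to Disable-ADAccount -WhatIf before running it for real.
```

Accounts still inside the grace period are skipped rather than disabled, so the check can run on any schedule without penalising users flagged shortly before it runs.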