Script to forced to change user password immediat

This topic is 14 years and 10 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
shellster
Posts: 3
Last visit: Mon May 11, 2009 11:51 pm

Post by shellster »

Hi,

Do you guys know of a PowerShell script that would force users to change their password immediately on their first login to an account or after a password reset to a
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Post by jvierra »

Just set the account flag that says change password on next login and the system will handle the rest for you.

This is done easily by selecting all users in the ADUC GUI and right-click and change the checkbox on the account tag.

shellster
Posts: 3
Last visit: Mon May 11, 2009 11:51 pm

Post by shellster »

So far this is already working; however, I can't seem to think of a way that would disable the account if the pwd is not changed within 1 day..

$root = [ADSI]''
$searcher = new-object System.DirectoryServices.DirectorySearcher($root)
$searcher.filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
$searcher.sizelimit = 5000

[Void]$searcher.PropertiesToLoad.Add("cn")
[Void]$searcher.PropertiesToLoad.Add("samAccountName")
[Void]$searcher.PropertiesToLoad.Add("pwdLastSet")

$users = $searcher.findall()

$UserOU = "OU=MyOU,DC=MY,DC=Domain,DC=net"
$PWDays = (Get-Date).AddDays(-1)

$UserCount = 0
$UserPW = 0

foreach($user in $users)
{
    if ($user.path -like "*$UserOU")
    {
        $usercount = $UserCount + 1

        #Count the passwords not changed in more than $PWDays
        if ([datetime]::FromFileTime(($user.properties.pwdlastset)[0]) -le $PWDays)
        {
            $UserPW = $UserPW + 1
            Write-Host $user.Properties.cn
        }
    }
}

#Output
Write-Host ""
Write-Host "------------------------------------------------------------------"
write-host "Total User accounts: " $UserCount
write-host "Users with passwords not changed in 1 days: " $UserPW
Write-Host "------------------------------------------------------------------"
write-host ""

jhicks
Posts: 1789
Last visit: Mon Oct 19, 2015 9:21 am

Post by jhicks »

You would likely need to log the account names you change here and then use a separate script to run through the log checking the password age for each account. If it is greater than some threshold, like the time interval since you last ran the original script, then disable the account. I might even go so far as to create a CSV file with this script to capture the account name, the time you flagged the password and anything else you might need. Then in your follow-up script, import this CSV and use the object properties, like time last set, to decide what to do.
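
The two-step approach described in the post above, as an added example that is not code from any poster in this thread. It assumes the ActiveDirectory module (RSAT) is available; the function names, `$LogPath` and `$GraceHours` are assumptions, and `$UserOU` reuses the placeholder OU from the earlier script.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

$UserOU     = 'OU=MyOU,DC=MY,DC=Domain,DC=net'   # placeholder OU from the post above
$LogPath    = 'C:\Scripts\flagged-users.csv'     # hypothetical log location
$GraceHours = 24                                 # "1 day" from the question

function Set-ForcedPasswordChange {
    # Step 1: flag enabled users in the OU and log who was flagged and when.
    # Accounts with PasswordNeverExpires are skipped because Set-ADUser
    # rejects -ChangePasswordAtLogon $true for them.
    Get-ADUser -SearchBase $UserOU `
               -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' |
        ForEach-Object {
            Set-ADUser -Identity $_ -ChangePasswordAtLogon $true
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                FlaggedAt      = (Get-Date).ToString('o')   # ISO 8601, round-trippable
            }
        } | Export-Csv -Path $LogPath -NoTypeInformation
}

function Disable-UnchangedAccount {
    # Step 2 (run later, e.g. from a scheduled task): disable logged accounts
    # that are past the grace period and still have not changed the password.
    $cutoff = (Get-Date).AddHours(-$GraceHours)
    foreach ($row in Import-Csv -Path $LogPath) {
        $flaggedAt = [datetime]$row.FlaggedAt
        if ($flaggedAt -gt $cutoff) { continue }   # still inside the grace period

        $user = Get-ADUser -Identity $row.SamAccountName -Properties pwdLastSet
        # pwdLastSet stays 0 while "must change password at next logon" is set;
        # a completed password change replaces it with the time of the change.
        if ($user.Enabled -and $user.pwdLastSet -eq 0) {
            Disable-ADAccount -Identity $user -WhatIf   # remove -WhatIf after review
            $row.SamAccountName                         # emit the name for logging
        }
    }
}

# Usage: run Set-ForcedPasswordChange once, then Disable-UnchangedAccount
# after the grace period has passed.
```

Checking `pwdLastSet -eq 0` rather than comparing dates avoids treating the flagged state as a password last set in 1601, which is what `[datetime]::FromFileTime(0)` returns.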