PowerShell: Set AD User Must Change Password At Next Logon
Posted by Paul O'Brien, Last modified by Paul O'Brien on 21/03/19 10:40

How to use PowerShell to set "User must change password at next logon" for AD users

Open PowerShell (Run as administrator)

To change it for one user
Set-ADUser -Identity <samAccountName> -ChangePasswordAtLogon $true

*note
samAccountName = username

To change it for all users, or for all users in one OU
Get-ADUser -Filter * -SearchBase "OU=*,DC=**,DC=***" | Set-ADUser -CannotChangePassword:$false -PasswordNeverExpires:$false -ChangePasswordAtLogon:$true

*note
-SearchBase takes the distinguished name of the OU that holds the users you want to change:
OU=Organizational Unit,DC=Domain name,DC=Domain name (second part, e.g. local for a .local domain)

example:
Get-ADUser -Filter * -SearchBase "OU=MyBusiness,DC=RBIreland,DC=local" | Set-ADUser -CannotChangePassword:$false -PasswordNeverExpires:$false -ChangePasswordAtLogon:$true
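
The bulk command above also clears PasswordNeverExpires on every account under the OU, which can include service accounts, so it is worth previewing before it runs. The script below is an added example, not part of the original article: it lists the affected accounts, does a -WhatIf dry run, and then checks the result. It assumes the ActiveDirectory module is installed, reuses the article's example OU, and (as an assumption of this example) restricts the change to enabled accounts.

```powershell
# Added example (not from the original article).
# Preview, apply and verify the bulk "must change password" setting for one OU.
Import-Module ActiveDirectory

# The article's example OU; replace with your own distinguished name.
$SearchBase = 'OU=MyBusiness,DC=RBIreland,DC=local'

# Assumption of this example: only enabled accounts are changed.
$targets = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
    -Properties PasswordNeverExpires, CannotChangePassword, pwdLastSet

# 1. Review who will be touched. Accounts with PasswordNeverExpires = True
#    are often service accounts; forcing a change on them can break services.
$targets | Sort-Object SamAccountName |
    Format-Table SamAccountName, PasswordNeverExpires, CannotChangePassword |
    Out-Host

# 2. Dry run: -WhatIf prints what Set-ADUser would do without changing anything.
#    PasswordNeverExpires is cleared in the same call because
#    ChangePasswordAtLogon cannot be $true while it is set.
$targets | Set-ADUser -CannotChangePassword:$false `
    -PasswordNeverExpires:$false -ChangePasswordAtLogon:$true -WhatIf

# 3. Apply: uncomment once the review list and the dry run look right.
# $targets | Set-ADUser -CannotChangePassword:$false `
#     -PasswordNeverExpires:$false -ChangePasswordAtLogon:$true

# 4. Verify: the flag is stored as pwdLastSet = 0, so any enabled account
#    listed here was NOT updated.
Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase -Properties pwdLastSet |
    Where-Object { $_.pwdLastSet -ne 0 } |
    Select-Object SamAccountName, pwdLastSet
```

An empty result from step 4 means every enabled account in the OU will be prompted at next logon.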
