The cmdlet to use is called Set-ADAccountPassword. To use it, all you need to do is specify the account and the new password and that you are resetting it. If you don't use the -Reset option, you have to also specify the user's old password. The only tricky part is that the new password must be specified as a SecureString. You can create it like this:

    PS C:\> $newpwd = Read-Host "Enter the new password" -AsSecureString

Or you can create it without any user intervention:

    PS C:\> $newpwd = ConvertTo-SecureString -String "<new password>" -AsPlainText -Force

Otherwise, you will still get prompted or get an error.

Do it for one

Armed with the new password, you'll find it is as easy as this to reset a user's password:

    PS C:\> Set-ADAccountPassword jfrost -NewPassword $newpwd -Reset

With this simple command, I've reset the password for user Jack Frost. The command uses my current credentials, but it also supports -Credential if I want to make the change using a different account.

User must change password at next logon

But many organizations also want to force users to change their password at the next logon. I can do that as well by adding another step to my pipelined expression. If you try the Set-ADAccountPassword command by itself, you'll notice that you get nothing written to the pipeline. This is the default behavior unless you use -PassThru. When you do that, you get the user object, which is handy because this can be piped to Set-ADUser.

    PS C:\> Set-ADAccountPassword jfrost -NewPassword $newpwd -Reset -PassThru | Set-ADUser -ChangePasswordAtLogon $True

Unfortunately, at least in my opinion, -ChangePasswordAtLogon is not a switch, so you have to explicitly specify a Boolean value.

Do it for many

The beauty of PowerShell is that if you can do something for one object, such as a user account, you can do it for many. I already have code that works for resetting the password and forcing the user to change a password at the next logon. All I have to do is come up with a PowerShell expression to get the necessary user accounts. Let's say I need to force a password reset on all users in the Marketing Department.
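The "Do it for many" case for the Marketing Department, written out as an added example that is not the article's own code. It gives every account its own random temporary password instead of reusing one $newpwd, and it assumes the Department attribute holds 'Marketing'; Get-RandomIndex and New-TempPassword are hypothetical helpers defined in the block.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the article's code. Assumes Department holds 'Marketing';
# Get-RandomIndex and New-TempPassword are hypothetical helpers defined here.

function Get-RandomIndex {
    param($Rng, [int]$Max)
    # Rejection sampling over one CSPRNG byte avoids modulo bias (requires Max <= 256).
    $b = New-Object byte[] 1
    $limit = 256 - (256 % $Max)
    do { $Rng.GetBytes($b) } while ($b[0] -ge $limit)
    $b[0] % $Max
}

function New-TempPassword {
    param([int]$Length = 16)
    $pools = 'abcdefghijkmnpqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%*+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # One character from each class first, so typical complexity rules are met.
        $chars = @(foreach ($p in $pools) { $p[(Get-RandomIndex $rng $p.Length)] })
        $all   = -join $pools
        while ($chars.Count -lt $Length) { $chars += $all[(Get-RandomIndex $rng $all.Length)] }
        # Fisher-Yates shuffle so the guaranteed characters are not always in front.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-RandomIndex $rng ($i + 1)
            $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
        }
        -join $chars
    } finally { $rng.Dispose() }
}

# Each account gets a different password; one failure does not stop the batch.
$results = foreach ($user in Get-ADUser -Filter "Department -eq 'Marketing'") {
    $plain  = New-TempPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    try {
        Set-ADAccountPassword -Identity $user -NewPassword $secure -Reset -PassThru -ErrorAction Stop |
            Set-ADUser -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $user.SamAccountName; TempPassword = $plain; Status = 'Reset' }
    } catch {
        [pscustomobject]@{ SamAccountName = $user.SamAccountName; TempPassword = $null; Status = "Failed: $_" }
    }
}
# Show status only; TempPassword stays in $results for delivery over a separate channel.
$results | Format-Table SamAccountName, Status
```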