Forum Discussion

Marvin Oco's avatar
Marvin Oco
Steel Contributor
Mar 13, 2021

Force users to change their AD password

Is there a way that we can force users to their change AD password?

 

 

  • cengizyilmaz's avatar
    cengizyilmaz
    Brass Contributor

    Marvin Oco 

    Can you explain your problem a little more? Do they change it to Local, or do they become m login with SSLVPN?


    If you want to apply to a single user

    Set-ADUser -Identity -ChangePasswordAtLogon $true

     

    To apply for the OU you specify

    Import-Module ActiveDirectory
    Get-ADUser -Filter * -SearchBase “OU=TestOU,DC=TestDomain,DC=Local” | Set-ADUser -ChangePasswordAtLogon:$True

     

    If you want to make a batch, you can prepare a file such as the attached csv file and use the ps code below

     

    Import-Module ActiveDirectory
    Import-Csv “C:\Scripts\ADUsers.csv” | ForEach-Object {$samAccountName =$_.”samAccountName” Get-ADUser -Identity $samAccountName | Set-ADUser -ChangePasswordAtLogon:$True}

     

  • Reza_Ameri's avatar
    Reza_Ameri
    Silver Contributor

    In case you are referring to on-premise scenario , you may do it using Group Policy.

    Open the Active Directory Users and Computers and then select the user you want to enforce them to change their password and there is an option called User must change password at next logon if you checked it, then next time when user has been logged it, they will be forced to change their password.

Resources