Forum Discussion
Marvin Oco
Mar 13, 2021Steel Contributor
Force users to change their AD password
Is there a way that we can force users to their change AD password?
- cengizyilmazBrass Contributor
Can you explain your problem a little more? Do they change it to Local, or do they become m login with SSLVPN?
If you want to apply to a single userSet-ADUser -Identity -ChangePasswordAtLogon $true
To apply for the OU you specify
Import-Module ActiveDirectory Get-ADUser -Filter * -SearchBase “OU=TestOU,DC=TestDomain,DC=Local” | Set-ADUser -ChangePasswordAtLogon:$True
If you want to make a batch, you can prepare a file such as the attached csv file and use the ps code below
Import-Module ActiveDirectory Import-Csv “C:\Scripts\ADUsers.csv” | ForEach-Object {$samAccountName =$_.”samAccountName” Get-ADUser -Identity $samAccountName | Set-ADUser -ChangePasswordAtLogon:$True}
- Reza_AmeriSilver Contributor
In case you are referring to on-premise scenario , you may do it using Group Policy.
Open the Active Directory Users and Computers and then select the user you want to enforce them to change their password and there is an option called User must change password at next logon if you checked it, then next time when user has been logged it, they will be forced to change their password.