Forum Discussion
Solved
Force users to change their AD password
Is there a way that we can force users to their change AD password?
Can you explain your problem a little more? Do they change it to Local, or do they become m login with SSLVPN?
If you want to apply to a single userSet-ADUser -Identity -ChangePasswordAtLogon $trueTo apply for the OU you specify
Import-Module ActiveDirectory Get-ADUser -Filter * -SearchBase “OU=TestOU,DC=TestDomain,DC=Local” | Set-ADUser -ChangePasswordAtLogon:$TrueIf you want to make a batch, you can prepare a file such as the attached csv file and use the ps code below
Import-Module ActiveDirectory Import-Csv “C:\Scripts\ADUsers.csv” | ForEach-Object {$samAccountName =$_.”samAccountName” Get-ADUser -Identity $samAccountName | Set-ADUser -ChangePasswordAtLogon:$True}
In case you are referring to on-premise scenario , you may do it using Group Policy.
Open the Active Directory Users and Computers and then select the user you want to enforce them to change their password and there is an option called User must change password at next logon if you checked it, then next time when user has been logged it, they will be forced to change their password.