Mar 13 2021 01:20 AM
Is there a way that we can force users to change their AD password?
Mar 13 2021 01:37 AM
Can you explain your problem a little more? Do they change it to Local, or do they become m login with SSLVPN?
If you want to apply to a single user
Set-ADUser -Identity "<samAccountName>" -ChangePasswordAtLogon $true
To apply for the OU you specify
Import-Module ActiveDirectory
Get-ADUser -Filter * -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" | Set-ADUser -ChangePasswordAtLogon:$True
If you want to make a batch, you can prepare a file such as the attached csv file and use the ps code below
Import-Module ActiveDirectory
Import-Csv "C:\Scripts\ADUsers.csv" | ForEach-Object {
    # Read the account name from the samAccountName column of each CSV row
    $samAccountName = $_."samAccountName"
    Get-ADUser -Identity $samAccountName | Set-ADUser -ChangePasswordAtLogon:$True
}
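A more defensive version of the CSV batch above, as an added example that is not part of the original post: it reports accounts that are missing or that carry the "password never expires" or "cannot change password" flags instead of failing on them, and reads back pwdLastSet to confirm the change. The CSV path and samAccountName column come from the post; the Status and MustChange result columns are assumptions made for this example.

```powershell
Import-Module ActiveDirectory

# Input file from the post: one samAccountName column (path as given there).
$csvPath = 'C:\Scripts\ADUsers.csv'

$results = foreach ($row in Import-Csv -Path $csvPath) {
    $name = $row.samAccountName
    if ([string]::IsNullOrWhiteSpace($name)) { continue }   # ignore blank rows

    try {
        $user = Get-ADUser -Identity $name -ErrorAction Stop `
            -Properties PasswordNeverExpires, CannotChangePassword
    } catch {
        [pscustomobject]@{ SamAccountName = $name; Status = 'NotFound'; MustChange = $null }
        continue
    }

    # -ChangePasswordAtLogon is documented as not settable to $true on an account
    # with PasswordNeverExpires, and an account that cannot change its own
    # password could not complete a forced change. Report these, do not touch them.
    if ($user.PasswordNeverExpires -or $user.CannotChangePassword) {
        [pscustomobject]@{ SamAccountName = $name; Status = 'Skipped (flag conflict)'; MustChange = $null }
        continue
    }

    try {
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        # pwdLastSet = 0 is how the directory records "must change at next logon".
        $check = Get-ADUser -Identity $user -Properties pwdLastSet
        [pscustomobject]@{ SamAccountName = $name; Status = 'Set'; MustChange = ($check.pwdLastSet -eq 0) }
    } catch {
        [pscustomobject]@{ SamAccountName = $name; Status = "Failed: $($_.Exception.Message)"; MustChange = $null }
    }
}

# One row per CSV entry, so skipped and failed accounts are visible to the operator.
$results | Format-Table -AutoSize
```

Adding -WhatIf to the Set-ADUser call gives a dry run before touching production accounts.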
Mar 14 2021 07:43 AM
In case you are referring to an on-premises scenario, you may do it using Group Policy.
Open Active Directory Users and Computers, then select the user you want to force to change their password. There is an option called "User must change password at next logon"; if you check it, then the next time the user logs in, they will be forced to change their password.