Force users to change their AD password


Is there a way that we can force users to change their AD password?
2 Replies

@Marvin Oco 

Can you explain your problem a little more? Do they change it to Local, or do they become m login with SSLVPN?


If you want to apply to a single user:

```powershell
# Replace <samAccountName> with the target user's logon name
Set-ADUser -Identity "<samAccountName>" -ChangePasswordAtLogon $true
```

To apply for the OU you specify:

```powershell
Import-Module ActiveDirectory
# Flag every user object under the given OU
Get-ADUser -Filter * -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" | Set-ADUser -ChangePasswordAtLogon:$True
```

If you want to make a batch, you can prepare a file such as the attached CSV file and use the PS code below:

```powershell
Import-Module ActiveDirectory
# Flag each account listed in the CSV's samAccountName column
Import-Csv "C:\Scripts\ADUsers.csv" | ForEach-Object {
    $samAccountName = $_."samAccountName"
    Get-ADUser -Identity $samAccountName | Set-ADUser -ChangePasswordAtLogon:$True
}
```
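An added example, not part of the reply above: a more cautious version of the OU-wide command that skips disabled accounts and accounts on which the flag cannot be applied, supports a `-WhatIf` dry run, and confirms each change by reading back `pwdLastSet`. The function name `Set-OuChangePasswordAtLogon` is hypothetical, and the OU path is the sample one from the reply.

```powershell
Import-Module ActiveDirectory

function Set-OuChangePasswordAtLogon {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]$SearchBase
    )

    # Only enabled accounts; fetch the properties that decide eligibility.
    $users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $SearchBase `
        -Properties PasswordNeverExpires, CannotChangePassword

    foreach ($u in $users) {
        # ChangePasswordAtLogon cannot be set to $true while PasswordNeverExpires
        # is set, and an account that is not allowed to change its password
        # could not complete the forced change. Report these instead of failing.
        if ($u.PasswordNeverExpires -or $u.CannotChangePassword) {
            [pscustomobject]@{ SamAccountName = $u.SamAccountName; Result = 'Skipped' }
            continue
        }

        # Under -WhatIf, ShouldProcess returns $false and nothing is modified.
        if ($PSCmdlet.ShouldProcess($u.SamAccountName, 'Require password change at next logon')) {
            Set-ADUser -Identity $u -ChangePasswordAtLogon $true

            # The flag is stored as pwdLastSet = 0; read it back to confirm.
            $check  = Get-ADUser -Identity $u -Properties pwdLastSet
            $result = if ($check.pwdLastSet -eq 0) { 'Flagged' } else { 'NotApplied' }
            [pscustomobject]@{ SamAccountName = $u.SamAccountName; Result = $result }
        }
    }
}

# Dry run first to review which accounts would be touched, then apply.
Set-OuChangePasswordAtLogon -SearchBase 'OU=TestOU,DC=TestDomain,DC=Local' -WhatIf
Set-OuChangePasswordAtLogon -SearchBase 'OU=TestOU,DC=TestDomain,DC=Local'
```

Service accounts usually show up in the `Skipped` rows; review that list before changing their password settings.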

 

In case you are referring to an on-premise scenario, you may do it using Group Policy.

Open Active Directory Users and Computers and then select the user you want to force to change their password. There is an option called "User must change password at next logon"; if you check it, then the next time the user logs in, they will be forced to change their password.