How to set AD password to expired / to be changed with PowerShell

Question

I need to reset a whole load of user passwords and then set them as expired or "User must change password on next login" The password is easy to change with SetADAccountPassword.

Looking at the SetADAccountControl cmdlet instructions suggests there is a "PasswordExpired" parameter in the description, but there is no mention of that parameter in the rest of the text. If I try it, it doesn't exist.

Ideally I'm hoping for a fairly simple, Powershell command to do it! I don't have any other scripting language on the server.

Thanks.

score 10 · Accepted Answer · answered Nov 27 '13 at 17:50

10

Get-ADUser -Identity $name | Set-ADUser -ChangePasswordAtLogon:$true

Should do the trick.

answered Nov 27 '13 at 17:50

Ryan Ries

55,011
9
138
197

Note that this is only compatible with 2008 R2: http://technet.microsoft.com/en-us/library/dd391883%28v=ws.10%29.aspx – Robin Aug 07 '14 at 11:58
I tried on Server 2012 R2 and it worked, off-course I had to supply the credentials for the admin user for the AD. – Vinay Mar 31 '19 at 02:22

score 1 · Answer 2 · answered May 03 '17 at 22:10

1

Office365 / ExchangeOnline / Exchange 2016 on Premises:

Connect-MsolService
$email = example@contoso.onmicrosoft.com
Set-MsolUser -UserPrincipalName $email |Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true

answered May 03 '17 at 22:10

Mansueli

111
3

How to set AD password to expired / to be changed with PowerShell

2 Answers2