Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3197
  • Last Modified:

Enabling "User must change password at first login"

So my code has been working fine for a while now.  I attempted to get the "User Must Change Password at First Login" to be checked, but it NEVER worked.  All the rest is fine, like I said.

I think my issue lies with not Powershell, but with ADSI.  I looked around for a couple days on the net a while back, and didn't find a way to do this.  I tried to to use the -objectAttributes custom change, but that didn't work either.  From what I recall, if you change the pwdLastSet to 0, and then set userAccountControl to 512, you should be able to get the "User Must Change..." to be checked.  Obviously this didn't work.  Anyone have any ideas?  BSonPosh?  I got some more questions for you after this one too, so stay tuned :)

And also I have QAD addin installed.  At the time I write this script (February I think), I had the latest QAD release.  I don't think the problem resides in the QAD though.  In thinking about this as I'm writing, I'm also wondering if I would have to change that attribute AFTER I create the account.  Which I think I might have tried, but I can't really recall.

Thanks for any help in advance.
New-QADUser -ParentContainer 'ou=NewUsers, ou=Users, dc=Contoso, dc=com' `
 -Name $strName `
 -Description $strDescription `
 -sAMAccountName $sAMAccountName `
 -UserPrincipalName $userPName `
 -lastName $strLast `
 -FirstName $strFirst `
 -displayName $strDisplayName `
 -userPassword 'userPassword' `
 -office $strOffice `
 -phone $strPhone `
 -objectAttributes @{accountExpires = '123123432000000000'; `
 scriptPath = 'logon.bat'; `
 pwdLastSet = '0'; `
 userAccountControl = '512'}

Open in new window

0
Dale Harris
Asked:
Dale Harris
  • 2
  • 2
1 Solution
 
BSonPoshCommented:
Setting pwdLastSet to "0" should indeed check that box in the GUI. The userAccountControl is not needed. That just enable/disables the user. Quest has cmdlets for those enable-qaduser.

Why are you setting accountExpires?

And yes... you should do a two step process (three really)
create user
set properties
enable user
0
 
Dale HarrisProfessional Services EngineerAuthor Commented:
The reason why I have the userAccountControl in there is because it's only one extra part, and if I had to do Enable-QADuser, it would be a separate command.

I created a timer to basically set a delay using the get-date class (3 seconds).
That was because I was having a hard time finding the user after immediately creating them.

Then I put in the information to be changed:

Set-QADUser -identity "domain\$username" -objectAttributes @{pwdLastSet = '0';UserAccountControl='512'}

Thanks for your help Brandon.

It works great now.  My next question that I'm going to submit (is this allowed to say this) is I'm trying to create mailboxes for exchange 2003 for each person that I create with my script.  And I found some pretty gnarly ways to do it, but they look REALLY complex, and I was going to ask if you knew a way to do it that's easier, and just default.  Just like  you would if you were doing an "exchange tasks -> Create Mailbox -> Pick server -> Done".  That's default!  Why does it have to be so freaking complex!  I'm going to give you the points right now, and then submit the new question after dinner time.

Also, I finally got Bruce Payette's "Powershell in Action" book.

I can't believe I didn't read it when I first started 6 months ago in Powershell.  I regret not buying it until now.
It's a great read, and I recommend it for anyone wanting to get into Powershell.

-Dale Harris
0
 
Dale HarrisProfessional Services EngineerAuthor Commented:
Again, I can't thank you enough.  You've saved me more time in my day  than I can ever pay back.  You know Powershell... truly.
-Dale Harris
0
 
BSonPoshCommented:
you need to be careful setting userAccountControl. It is a bitwise and you could end up breaking it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now