Solved

Change settings for a batch of users in Active Directory using a CSV file?

Posted on 2011-03-01
Last Modified: 2012-08-14
I used Quest's cmdlets to create a CSV file with the names of the users in my domain along with the date their password was last changed.  This was the command I used:

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires | Export-csv c:\userspasswords.csv

What I would like to do is edit the contents of the file, and then run a script against it that modifies the user properties in the file to have their password expire at next logon.  There are 300+ users, so I'm trying to save a long time.  There are 300+ users that already changed their password last week so I don't want to change every account setting.

Thanks
0
Question by:Ad-Apex
7 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 350 total points
ID: 35010384
I would use the Quest cmdlets and do this, but make one change to your original script. Add samaccountname

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires, samaccountname | Export-csv c:\userspasswords.csv

Then do this

$Users = import-csv c:\userspasswords.csv
$Users | %{
get-qaduser -samaccountname $_.samaccountname | Set-qaduser -UserMustChangePassword $True
}
0
 
LVL 9

Assisted Solution

by:tl121000
tl121000 earned 150 total points
ID: 35010410
If this does not work, why not use Active Directory Users and Computers?

Select multiple users >>> right click >>> properties >>> account >>> check the user must change password on next logon (both boxes).

*** I am all for scripting, but this will work too.
0
 

Author Comment

by:Ad-Apex
ID: 35010992
KenMcF,
How would I modify the script to change multiple attributes. For example, I also want to turn the "Password Never Expires" box off on everyone.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35011147
For that, Quest makes it easy. Just add this

-PasswordNeverExpires $False
0
 

Author Comment

by:Ad-Apex
ID: 35011424
Is there a list of these attributes somewhere? I need some others as well, such as "User Cannot Change Password"
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35011496
To get all the switches for the cmdlets you can run

get-help set-qaduser -full
or export to a txt file
get-help set-qaduser -full >setqaduser.txt

The "User Cannot Change Password" is not an attribute, it is an ACE on the user object. Take a look at Brandon's blog post to change this.

http://bsonposh.com/archives/341
0
 

Author Closing Comment

by:Ad-Apex
ID: 35019350
Selecting multiple users in ADUC worked well for some parts of what I needed to do with this project so I awarded some points there.  The users are split between many OUs however, so it was a little cumbersome. With the script technique I could run the report, filter the users I wanted by specific criteria, and then flip the appropriate bit on certain ones - a real time-saver.

Thanks to both of you.
0
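
The workflow described in this thread (export the report, filter it, then set the flags) as one script. This is an added example, not code posted by anyone in the thread; the `-Cutoff`, `-LogPath` and `-Apply` parameters, the 7-day window and the log file name are assumptions made for illustration.

```powershell
# Added example: set the password flags only on users whose password is older than a cutoff.
# Requires the Quest ActiveRoles Management Shell snap-in used in the thread.
param(
    [string]$CsvPath  = 'c:\userspasswords.csv',        # report produced by the Export-Csv command above
    [datetime]$Cutoff = (Get-Date).AddDays(-7),         # assumption: "changed last week" = last 7 days
    [string]$LogPath  = '.\password-flag-changes.csv',  # hypothetical audit log path
    [switch]$Apply                                      # without -Apply nothing is modified
)

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

$results = foreach ($row in Import-Csv $CsvPath) {
    # Import-Csv returns strings; an empty or unparsable PasswordLastSet
    # is treated as "never changed", so the account is included.
    $lastSet = [datetime]::MinValue
    $parsed  = [datetime]::TryParse($row.PasswordLastSet, [ref]$lastSet)

    if ($parsed -and $lastSet -ge $Cutoff) {
        $action = 'Skipped (recent change)'
    }
    elseif (-not $Apply) {
        $action = 'Would change'
    }
    else {
        try {
            # Resolve the account first so a stale CSV row is reported, not silently ignored.
            $user = Get-QADUser -SamAccountName $row.samaccountname
            if (-not $user) { throw 'account not found' }
            $user | Set-QADUser -UserMustChangePassword $true `
                                -PasswordNeverExpires $false -ErrorAction Stop | Out-Null
            $action = 'Changed'
        }
        catch {
            $action = "Failed: $($_.Exception.Message)"
        }
    }

    New-Object PSObject -Property @{
        SamAccountName  = $row.samaccountname
        PasswordLastSet = $row.PasswordLastSet
        Action          = $action
    } | Select-Object SamAccountName, PasswordLastSet, Action
}

# Keep a record of what was touched, then print a per-action summary.
$results | Export-Csv $LogPath -NoTypeInformation
$results | Group-Object Action | Select-Object Name, Count
```

Run it once without `-Apply` and review the log before making changes. Clearing "Password Never Expires" in the same call matters because that flag overrides the forced change at next logon.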
