Solved

Change settings for a batch of users in Active Directory using a CSV file?

Posted on 2011-03-01
7
1,205 Views
Last Modified: 2012-08-14
I used Quest's cmdlets to create a CSV file with the names of the users in my domain along with the date their password was last changed.  This was the command I used:

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires | Export-csv c:\userspasswords.csv

What I would like to do is edit the contents of the file, and then run a script against it that modifies the user properties in the file to have their password expire at next logon.  There are 300+ users, so I'm trying to save a long time.  There are 300+ users that already changed their password last week so I don't want to change every account setting.

Thanks
0
Comment
Question by:Ad-Apex
  • 3
  • 3
7 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 350 total points
ID: 35010384
I would use the quest cmdlets and do this, but make on change to your original script. Add samaccountname

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires, samaccountname | Export-csv c:\userspasswords.csv

Then do this

$Users = import-csv c:\userspasswords.csv
$Users | %{
get-qaduser -samaccountname $_.samaccountname | Set-qaduser -UserMustChangePassword $True
}
0
 
LVL 9

Assisted Solution

by:tl121000
tl121000 earned 150 total points
ID: 35010410
If this does not work - why not use Active Directory Users and computers.

Select multiple users >>> right click >>> properties >>> account >>> check the user must change password on next logon (both boxes).

*** I am all for scripting, but this will work too.
0
 

Author Comment

by:Ad-Apex
ID: 35010992
KenMcF,
How would I modify the script to change multiple attributes. For example, I also want to turn the "Password Never Expires" box off on everyone.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 27

Expert Comment

by:KenMcF
ID: 35011147
For that Quest make it easy. Just add this

-PasswordNeverExpires $False
0
 

Author Comment

by:Ad-Apex
ID: 35011424
Is there a list of these attributes somewhere? I need some others as well, such as "User Cannot Change Password"
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35011496
To get all the switches for the cmdlets you can run

get-help set-qaduser -full
or export to a txt file
get-help set-qaduser -full >setqaduser.txt

The "User Cannot Change Password" is not an attribute, it is a ACE on the user object. Take a look at Brandons blog post to change this.

http://bsonposh.com/archives/341
0
 

Author Closing Comment

by:Ad-Apex
ID: 35019350
Selecting multiple users in ADUC worked well for some parts of what i needed to do with this project so I awarded some pooints there.  The users are split between many OUs however, so it was a little cumbersome. With the script technique I could run the report, filter the users i wanted by specific criteria, and then flip the appropriate bit on certain ones- a real time-saver.

Thanks to both of you.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question