Change settings for a batch of users in Active Directory using a CSV file?

I used Quest's cmdlets to create a CSV file with the names of the users in my domain along with the date their password was last changed.  This was the command I used:

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires | Export-csv c:\userspasswords.csv

What I would like to do is edit the contents of the file, and then run a script against it that modifies the user properties in the file to have their password expire at next logon.  There are 300+ users, so I'm trying to save a long time.  There are 300+ users that already changed their password last week so I don't want to change every account setting.

Thanks
Ad-ApexAsked:
Who is Participating?
 
KenMcFCommented:
I would use the quest cmdlets and do this, but make on change to your original script. Add samaccountname

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires, samaccountname | Export-csv c:\userspasswords.csv

Then do this

$Users = import-csv c:\userspasswords.csv
$Users | %{
get-qaduser -samaccountname $_.samaccountname | Set-qaduser -UserMustChangePassword $True
}
0
 
tl121000Commented:
If this does not work - why not use Active Directory Users and computers.

Select multiple users >>> right click >>> properties >>> account >>> check the user must change password on next logon (both boxes).

*** I am all for scripting, but this will work too.
0
 
Ad-ApexAuthor Commented:
KenMcF,
How would I modify the script to change multiple attributes. For example, I also want to turn the "Password Never Expires" box off on everyone.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
KenMcFCommented:
For that Quest make it easy. Just add this

-PasswordNeverExpires $False
0
 
Ad-ApexAuthor Commented:
Is there a list of these attributes somewhere? I need some others as well, such as "User Cannot Change Password"
0
 
KenMcFCommented:
To get all the switches for the cmdlets you can run

get-help set-qaduser -full
or export to a txt file
get-help set-qaduser -full >setqaduser.txt

The "User Cannot Change Password" is not an attribute, it is a ACE on the user object. Take a look at Brandons blog post to change this.

http://bsonposh.com/archives/341
0
 
Ad-ApexAuthor Commented:
Selecting multiple users in ADUC worked well for some parts of what i needed to do with this project so I awarded some pooints there.  The users are split between many OUs however, so it was a little cumbersome. With the script technique I could run the report, filter the users i wanted by specific criteria, and then flip the appropriate bit on certain ones- a real time-saver.

Thanks to both of you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.