Solved

Change settings for a batch of users in Active Directory using a CSV file?

Posted on 2011-03-01
7
1,212 Views
Last Modified: 2012-08-14
I used Quest's cmdlets to create a CSV file with the names of the users in my domain along with the date their password was last changed.  This was the command I used:

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires | Export-csv c:\userspasswords.csv

What I would like to do is edit the contents of the file, and then run a script against it that modifies the user properties in the file to have their password expire at next logon.  There are 300+ users, so I'm trying to save a long time.  There are 300+ users that already changed their password last week so I don't want to change every account setting.

Thanks
0
Comment
Question by:Ad-Apex
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 350 total points
ID: 35010384
I would use the quest cmdlets and do this, but make on change to your original script. Add samaccountname

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires, samaccountname | Export-csv c:\userspasswords.csv

Then do this

$Users = import-csv c:\userspasswords.csv
$Users | %{
get-qaduser -samaccountname $_.samaccountname | Set-qaduser -UserMustChangePassword $True
}
0
 
LVL 9

Assisted Solution

by:tl121000
tl121000 earned 150 total points
ID: 35010410
If this does not work - why not use Active Directory Users and computers.

Select multiple users >>> right click >>> properties >>> account >>> check the user must change password on next logon (both boxes).

*** I am all for scripting, but this will work too.
0
 

Author Comment

by:Ad-Apex
ID: 35010992
KenMcF,
How would I modify the script to change multiple attributes. For example, I also want to turn the "Password Never Expires" box off on everyone.
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 27

Expert Comment

by:KenMcF
ID: 35011147
For that Quest make it easy. Just add this

-PasswordNeverExpires $False
0
 

Author Comment

by:Ad-Apex
ID: 35011424
Is there a list of these attributes somewhere? I need some others as well, such as "User Cannot Change Password"
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35011496
To get all the switches for the cmdlets you can run

get-help set-qaduser -full
or export to a txt file
get-help set-qaduser -full >setqaduser.txt

The "User Cannot Change Password" is not an attribute, it is a ACE on the user object. Take a look at Brandons blog post to change this.

http://bsonposh.com/archives/341
0
 

Author Closing Comment

by:Ad-Apex
ID: 35019350
Selecting multiple users in ADUC worked well for some parts of what i needed to do with this project so I awarded some pooints there.  The users are split between many OUs however, so it was a little cumbersome. With the script technique I could run the report, filter the users i wanted by specific criteria, and then flip the appropriate bit on certain ones- a real time-saver.

Thanks to both of you.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question