Solved

Change settings for a batch of users in Active Directory using a CSV file?

Posted on 2011-03-01
7
1,194 Views
Last Modified: 2012-08-14
I used Quest's cmdlets to create a CSV file with the names of the users in my domain along with the date their password was last changed.  This was the command I used:

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires | Export-csv c:\userspasswords.csv

What I would like to do is edit the contents of the file, and then run a script against it that modifies the user properties in the file to have their password expire at next logon.  There are 300+ users, so I'm trying to save a long time.  There are 300+ users that already changed their password last week so I don't want to change every account setting.

Thanks
0
Comment
Question by:Ad-Apex
  • 3
  • 3
7 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 350 total points
ID: 35010384
I would use the quest cmdlets and do this, but make on change to your original script. Add samaccountname

get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires, samaccountname | Export-csv c:\userspasswords.csv

Then do this

$Users = import-csv c:\userspasswords.csv
$Users | %{
get-qaduser -samaccountname $_.samaccountname | Set-qaduser -UserMustChangePassword $True
}
0
 
LVL 9

Assisted Solution

by:tl121000
tl121000 earned 150 total points
ID: 35010410
If this does not work - why not use Active Directory Users and computers.

Select multiple users >>> right click >>> properties >>> account >>> check the user must change password on next logon (both boxes).

*** I am all for scripting, but this will work too.
0
 

Author Comment

by:Ad-Apex
ID: 35010992
KenMcF,
How would I modify the script to change multiple attributes. For example, I also want to turn the "Password Never Expires" box off on everyone.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 27

Expert Comment

by:KenMcF
ID: 35011147
For that Quest make it easy. Just add this

-PasswordNeverExpires $False
0
 

Author Comment

by:Ad-Apex
ID: 35011424
Is there a list of these attributes somewhere? I need some others as well, such as "User Cannot Change Password"
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 35011496
To get all the switches for the cmdlets you can run

get-help set-qaduser -full
or export to a txt file
get-help set-qaduser -full >setqaduser.txt

The "User Cannot Change Password" is not an attribute, it is a ACE on the user object. Take a look at Brandons blog post to change this.

http://bsonposh.com/archives/341
0
 

Author Closing Comment

by:Ad-Apex
ID: 35019350
Selecting multiple users in ADUC worked well for some parts of what i needed to do with this project so I awarded some pooints there.  The users are split between many OUs however, so it was a little cumbersome. With the script technique I could run the report, filter the users i wanted by specific criteria, and then flip the appropriate bit on certain ones- a real time-saver.

Thanks to both of you.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now