Ad-Apex
asked on
Change settings for a batch of users in Active Directory using a CSV file?
I used Quest's cmdlets to create a CSV file with the names of the users in my domain along with the date their password was last changed. This was the command I used:
get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires | Export-csv c:\userspasswords.csv
What I would like to do is edit the contents of the file, and then run a script against it that modifies the user properties in the file to have their password expire at next logon. There are 300+ users, so I'm trying to save a long time. There are 300+ users that already changed their password last week so I don't want to change every account setting.
Thanks
get-qaduser -sizelimit 0 | Select Name, PasswordLastset, PasswordAge, PasswordExpires | Export-csv c:\userspasswords.csv
What I would like to do is edit the contents of the file, and then run a script against it that modifies the user properties in the file to have their password expire at next logon. There are 300+ users, so I'm trying to save a long time. There are 300+ users that already changed their password last week so I don't want to change every account setting.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
For that Quest make it easy. Just add this
-PasswordNeverExpires $False
-PasswordNeverExpires $False
ASKER
Is there a list of these attributes somewhere? I need some others as well, such as "User Cannot Change Password"
To get all the switches for the cmdlets you can run
get-help set-qaduser -full
or export to a txt file
get-help set-qaduser -full >setqaduser.txt
The "User Cannot Change Password" is not an attribute, it is a ACE on the user object. Take a look at Brandons blog post to change this.
http://bsonposh.com/archives/341
get-help set-qaduser -full
or export to a txt file
get-help set-qaduser -full >setqaduser.txt
The "User Cannot Change Password" is not an attribute, it is a ACE on the user object. Take a look at Brandons blog post to change this.
http://bsonposh.com/archives/341
ASKER
Selecting multiple users in ADUC worked well for some parts of what i needed to do with this project so I awarded some pooints there. The users are split between many OUs however, so it was a little cumbersome. With the script technique I could run the report, filter the users i wanted by specific criteria, and then flip the appropriate bit on certain ones- a real time-saver.
Thanks to both of you.
Thanks to both of you.
ASKER
How would I modify the script to change multiple attributes. For example, I also want to turn the "Password Never Expires" box off on everyone.