capt_morgan
asked on
Script that reads CSV file to uncheck "password never expires" and "force password change at next logon"
Hello,
I have about 50 users in AD that have their AD properties set to "password never expires" and I need to change it so this options is unchecked. I would like to do it through a single script that reads in a list of users (from a csv file I'm guessing) and unchecks the option "password never expires" but checks the option "user must change password at next logon".
Thanks for any help.
I have about 50 users in AD that have their AD properties set to "password never expires" and I need to change it so this options is unchecked. I would like to do it through a single script that reads in a list of users (from a csv file I'm guessing) and unchecks the option "password never expires" but checks the option "user must change password at next logon".
Thanks for any help.
ASKER
Thanks for the script. Do I need to format the "users.csv" in a certain way for the script to read it like "cn=joeg,ou=company,ou=.co m" or will the script know where to find the user by just their login name only "joeg,chrism,dorthyj"
You can just make the file like this with a header and one user per line
Username
User1
User2
User3
Username
User1
User2
User3
ASKER
Great! I will try it tomorrow morning and then get back to you.
ASKER
KenMCF,
When I try to run the lines I get the following message
PS C:\Users\Blah> $Users = import-csv c:\ExpirePasswords.csv
PS C:\Users\Blah> $Users | Foreach {
>> get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
>>
The term 'get-qaduser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:12
+ get-qaduser <<<< $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
+ CategoryInfo : ObjectNotFound: (get-qaduser:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
What's going on.
When I try to run the lines I get the following message
PS C:\Users\Blah> $Users = import-csv c:\ExpirePasswords.csv
PS C:\Users\Blah> $Users | Foreach {
>> get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
>>
The term 'get-qaduser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:12
+ get-qaduser <<<< $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
+ CategoryInfo : ObjectNotFound: (get-qaduser:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
What's going on.
Are you running this from within the Quest powershell console?
If not add this line to the script
add-pssnapin *Quest*
If not add this line to the script
add-pssnapin *Quest*
ASKER
I am running the Windows Powershell only. I was not aware you have to run Quest powershell console.
Will the script not work in native windows powershell? Can you write this asa vbscript instead?
Will the script not work in native windows powershell? Can you write this asa vbscript instead?
over kill for powershell
Run ADUC go to save queries do custom query
highlight all the results, select properties and click the boxes
-Check User must Change Password
-UnCheck Password Never Expires
************************** ********** ********** *******
User-Non Expiring Password
Desc - Users with Non Expiring Passwords - Excluding Disabled Accounts
Query String -
(&(&(objectCategory=person )(objectCl ass=user)( userAccoun tControl:1 .2.840.113 556.1.4.80 3:=65536)( !userAccou ntControl: 1.2.840.11 3556.1.4.8 03:=2)))
Run ADUC go to save queries do custom query
highlight all the results, select properties and click the boxes
-Check User must Change Password
-UnCheck Password Never Expires
**************************
User-Non Expiring Password
Desc - Users with Non Expiring Passwords - Excluding Disabled Accounts
Query String -
(&(&(objectCategory=person
ASKER
Can this be converted to a VBscript instead. I am only familiar with VBscripts and batch files.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
$Users = import-csv c:\temp\users.csv
$Users | Foreach {
get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}