Solved

Script that reads CSV file to uncheck "password never expires" and "force password change at next logon"

Posted on 2011-09-08
10
722 Views
Last Modified: 2012-05-12
Hello,

I have about 50 users in AD that have their AD properties set to "password never expires" and  I need to change it so this options is unchecked.  I would like to do it through a single script that reads in a list of users (from a csv file I'm guessing) and unchecks the option  "password never expires" but checks the option "user must change password at next logon".

Thanks for any help.
0
Comment
Question by:capt_morgan
10 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 36507275
This is pretty easy using powershell and the quest AD cmdlets

$Users = import-csv c:\temp\users.csv
$Users | Foreach {
get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}

0
 

Author Comment

by:capt_morgan
ID: 36507447
Thanks for the script.    Do I need to format the "users.csv" in a certain way for the script to read it like "cn=joeg,ou=company,ou=.com" or will the script know where to find the user by just their login name only "joeg,chrism,dorthyj"
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36507492
You can just make the file like this with a header and one user per line

Username
User1
User2
User3
0
 

Author Comment

by:capt_morgan
ID: 36507555
Great!   I will try it tomorrow morning and then get back to you.
0
 

Author Comment

by:capt_morgan
ID: 36511048
KenMCF,

When I try to run the lines I get the following message

PS C:\Users\Blah> $Users = import-csv c:\ExpirePasswords.csv
PS C:\Users\Blah> $Users | Foreach {
>> get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
>>
The term 'get-qaduser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
 spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:12
+ get-qaduser <<<<  $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
    + CategoryInfo          : ObjectNotFound: (get-qaduser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

What's going on.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 27

Expert Comment

by:KenMcF
ID: 36511099
Are you running this from within the Quest powershell console?

If not add this line to the script

add-pssnapin *Quest*
0
 

Author Comment

by:capt_morgan
ID: 36511551
I am running the Windows Powershell only.  I was not aware you have to run Quest powershell console.  

Will the script not work in native windows powershell?  Can you write this asa vbscript instead?

0
 
LVL 3

Expert Comment

by:gs121
ID: 36582827
over kill for powershell

Run ADUC go to save queries do custom query

highlight all the results, select properties and click the boxes

-Check     User must Change Password
-UnCheck Password Never Expires

*****************************************************
User-Non Expiring Password

Desc - Users with Non Expiring Passwords - Excluding Disabled Accounts

Query String -

(&(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=2)))


0
 

Author Comment

by:capt_morgan
ID: 36710033
Can this be converted to a VBscript instead.  I am only familiar with VBscripts and batch files.  
0
 
LVL 2

Accepted Solution

by:
MilesLogan earned 500 total points
ID: 37395154
This tool will do the trick .. let me know if you need any help with it .

http://www.wisesoft.co.uk/software/bulkadusers/default.aspx

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now