Link to home
Start Free TrialLog in
Avatar of capt_morgan
capt_morganFlag for United States of America

asked on

Script that reads CSV file to uncheck "password never expires" and "force password change at next logon"

Hello,

I have about 50 users in AD that have their AD properties set to "password never expires" and  I need to change it so this options is unchecked.  I would like to do it through a single script that reads in a list of users (from a csv file I'm guessing) and unchecks the option  "password never expires" but checks the option "user must change password at next logon".

Thanks for any help.
Avatar of KenMcF
KenMcF
Flag of United States of America image
This is pretty easy using powershell and the quest AD cmdlets

$Users = import-csv c:\temp\users.csv
$Users | Foreach {
get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}

Avatar of capt_morgan
capt_morgan
Flag of United States of America image

ASKER

Thanks for the script.    Do I need to format the "users.csv" in a certain way for the script to read it like "cn=joeg,ou=company,ou=.com" or will the script know where to find the user by just their login name only "joeg,chrism,dorthyj"
Avatar of KenMcF
KenMcF
Flag of United States of America image
You can just make the file like this with a header and one user per line

Username
User1
User2
User3
Avatar of capt_morgan
capt_morgan
Flag of United States of America image

ASKER

Great!   I will try it tomorrow morning and then get back to you.
Avatar of capt_morgan
capt_morgan
Flag of United States of America image

ASKER

KenMCF,

When I try to run the lines I get the following message

PS C:\Users\Blah> $Users = import-csv c:\ExpirePasswords.csv
PS C:\Users\Blah> $Users | Foreach {
>> get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
>>
The term 'get-qaduser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
 spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:12
+ get-qaduser <<<<  $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
    + CategoryInfo          : ObjectNotFound: (get-qaduser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

What's going on.
Avatar of KenMcF
KenMcF
Flag of United States of America image
Are you running this from within the Quest powershell console?

If not add this line to the script

add-pssnapin *Quest*
Avatar of capt_morgan
capt_morgan
Flag of United States of America image

ASKER

I am running the Windows Powershell only.  I was not aware you have to run Quest powershell console.  

Will the script not work in native windows powershell?  Can you write this asa vbscript instead?

Avatar of gs121
gs121
Flag of United States of America image
over kill for powershell

Run ADUC go to save queries do custom query

highlight all the results, select properties and click the boxes

-Check     User must Change Password
-UnCheck Password Never Expires

*****************************************************
User-Non Expiring Password

Desc - Users with Non Expiring Passwords - Excluding Disabled Accounts

Query String -

(&(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=2)))


Avatar of capt_morgan
capt_morgan
Flag of United States of America image

ASKER

Can this be converted to a VBscript instead.  I am only familiar with VBscripts and batch files.  
ASKER CERTIFIED SOLUTION
Avatar of MilesLogan
MilesLogan
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial