Solved

Script that reads CSV file to uncheck "password never expires" and "force password change at next logon"

Posted on 2011-09-08
10
725 Views
Last Modified: 2012-05-12
Hello,

I have about 50 users in AD that have their AD properties set to "password never expires" and  I need to change it so this options is unchecked.  I would like to do it through a single script that reads in a list of users (from a csv file I'm guessing) and unchecks the option  "password never expires" but checks the option "user must change password at next logon".

Thanks for any help.
0
Comment
Question by:capt_morgan
10 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 36507275
This is pretty easy using powershell and the quest AD cmdlets

$Users = import-csv c:\temp\users.csv
$Users | Foreach {
get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}

0
 

Author Comment

by:capt_morgan
ID: 36507447
Thanks for the script.    Do I need to format the "users.csv" in a certain way for the script to read it like "cn=joeg,ou=company,ou=.com" or will the script know where to find the user by just their login name only "joeg,chrism,dorthyj"
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36507492
You can just make the file like this with a header and one user per line

Username
User1
User2
User3
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:capt_morgan
ID: 36507555
Great!   I will try it tomorrow morning and then get back to you.
0
 

Author Comment

by:capt_morgan
ID: 36511048
KenMCF,

When I try to run the lines I get the following message

PS C:\Users\Blah> $Users = import-csv c:\ExpirePasswords.csv
PS C:\Users\Blah> $Users | Foreach {
>> get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
>>
The term 'get-qaduser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
 spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:12
+ get-qaduser <<<<  $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
    + CategoryInfo          : ObjectNotFound: (get-qaduser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

What's going on.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36511099
Are you running this from within the Quest powershell console?

If not add this line to the script

add-pssnapin *Quest*
0
 

Author Comment

by:capt_morgan
ID: 36511551
I am running the Windows Powershell only.  I was not aware you have to run Quest powershell console.  

Will the script not work in native windows powershell?  Can you write this asa vbscript instead?

0
 
LVL 3

Expert Comment

by:gs121
ID: 36582827
over kill for powershell

Run ADUC go to save queries do custom query

highlight all the results, select properties and click the boxes

-Check     User must Change Password
-UnCheck Password Never Expires

*****************************************************
User-Non Expiring Password

Desc - Users with Non Expiring Passwords - Excluding Disabled Accounts

Query String -

(&(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=2)))


0
 

Author Comment

by:capt_morgan
ID: 36710033
Can this be converted to a VBscript instead.  I am only familiar with VBscripts and batch files.  
0
 
LVL 2

Accepted Solution

by:
MilesLogan earned 500 total points
ID: 37395154
This tool will do the trick .. let me know if you need any help with it .

http://www.wisesoft.co.uk/software/bulkadusers/default.aspx

0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question