Script that reads CSV file to uncheck "password never expires" and "force password change at next logon"

Hello,

I have about 50 users in AD that have their AD properties set to "password never expires" and  I need to change it so this options is unchecked.  I would like to do it through a single script that reads in a list of users (from a csv file I'm guessing) and unchecks the option  "password never expires" but checks the option "user must change password at next logon".

Thanks for any help.
capt_morganAsked:
Who is Participating?
 
MilesLoganConnect With a Mentor Commented:
This tool will do the trick .. let me know if you need any help with it .

http://www.wisesoft.co.uk/software/bulkadusers/default.aspx

0
 
KenMcFCommented:
This is pretty easy using powershell and the quest AD cmdlets

$Users = import-csv c:\temp\users.csv
$Users | Foreach {
get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}

0
 
capt_morganAuthor Commented:
Thanks for the script.    Do I need to format the "users.csv" in a certain way for the script to read it like "cn=joeg,ou=company,ou=.com" or will the script know where to find the user by just their login name only "joeg,chrism,dorthyj"
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
KenMcFCommented:
You can just make the file like this with a header and one user per line

Username
User1
User2
User3
0
 
capt_morganAuthor Commented:
Great!   I will try it tomorrow morning and then get back to you.
0
 
capt_morganAuthor Commented:
KenMCF,

When I try to run the lines I get the following message

PS C:\Users\Blah> $Users = import-csv c:\ExpirePasswords.csv
PS C:\Users\Blah> $Users | Foreach {
>> get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
>>
The term 'get-qaduser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
 spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:12
+ get-qaduser <<<<  $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
    + CategoryInfo          : ObjectNotFound: (get-qaduser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

What's going on.
0
 
KenMcFCommented:
Are you running this from within the Quest powershell console?

If not add this line to the script

add-pssnapin *Quest*
0
 
capt_morganAuthor Commented:
I am running the Windows Powershell only.  I was not aware you have to run Quest powershell console.  

Will the script not work in native windows powershell?  Can you write this asa vbscript instead?

0
 
gs121Commented:
over kill for powershell

Run ADUC go to save queries do custom query

highlight all the results, select properties and click the boxes

-Check     User must Change Password
-UnCheck Password Never Expires

*****************************************************
User-Non Expiring Password

Desc - Users with Non Expiring Passwords - Excluding Disabled Accounts

Query String -

(&(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=2)))


0
 
capt_morganAuthor Commented:
Can this be converted to a VBscript instead.  I am only familiar with VBscripts and batch files.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.