Script that reads CSV file to uncheck "password never expires" and "force password change at next logon"


I have about 50 users in AD that have their AD properties set to "password never expires" and  I need to change it so this options is unchecked.  I would like to do it through a single script that reads in a list of users (from a csv file I'm guessing) and unchecks the option  "password never expires" but checks the option "user must change password at next logon".

Thanks for any help.
Who is Participating?
MilesLoganConnect With a Mentor Commented:
This tool will do the trick .. let me know if you need any help with it .

This is pretty easy using powershell and the quest AD cmdlets

$Users = import-csv c:\temp\users.csv
$Users | Foreach {
get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}

capt_morganAuthor Commented:
Thanks for the script.    Do I need to format the "users.csv" in a certain way for the script to read it like "cn=joeg,ou=company," or will the script know where to find the user by just their login name only "joeg,chrism,dorthyj"
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

You can just make the file like this with a header and one user per line

capt_morganAuthor Commented:
Great!   I will try it tomorrow morning and then get back to you.
capt_morganAuthor Commented:

When I try to run the lines I get the following message

PS C:\Users\Blah> $Users = import-csv c:\ExpirePasswords.csv
PS C:\Users\Blah> $Users | Foreach {
>> get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
The term 'get-qaduser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
 spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:12
+ get-qaduser <<<<  $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
    + CategoryInfo          : ObjectNotFound: (get-qaduser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

What's going on.
Are you running this from within the Quest powershell console?

If not add this line to the script

add-pssnapin *Quest*
capt_morganAuthor Commented:
I am running the Windows Powershell only.  I was not aware you have to run Quest powershell console.  

Will the script not work in native windows powershell?  Can you write this asa vbscript instead?

over kill for powershell

Run ADUC go to save queries do custom query

highlight all the results, select properties and click the boxes

-Check     User must Change Password
-UnCheck Password Never Expires

User-Non Expiring Password

Desc - Users with Non Expiring Passwords - Excluding Disabled Accounts

Query String -


capt_morganAuthor Commented:
Can this be converted to a VBscript instead.  I am only familiar with VBscripts and batch files.  
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.