?
Solved

Script that reads CSV file to uncheck "password never expires" and "force password change at next logon"

Posted on 2011-09-08
10
Medium Priority
?
752 Views
Last Modified: 2012-05-12
Hello,

I have about 50 users in AD that have their AD properties set to "password never expires" and  I need to change it so this options is unchecked.  I would like to do it through a single script that reads in a list of users (from a csv file I'm guessing) and unchecks the option  "password never expires" but checks the option "user must change password at next logon".

Thanks for any help.
0
Comment
Question by:capt_morgan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 36507275
This is pretty easy using powershell and the quest AD cmdlets

$Users = import-csv c:\temp\users.csv
$Users | Foreach {
get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}

0
 

Author Comment

by:capt_morgan
ID: 36507447
Thanks for the script.    Do I need to format the "users.csv" in a certain way for the script to read it like "cn=joeg,ou=company,ou=.com" or will the script know where to find the user by just their login name only "joeg,chrism,dorthyj"
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36507492
You can just make the file like this with a header and one user per line

Username
User1
User2
User3
0
Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

 

Author Comment

by:capt_morgan
ID: 36507555
Great!   I will try it tomorrow morning and then get back to you.
0
 

Author Comment

by:capt_morgan
ID: 36511048
KenMCF,

When I try to run the lines I get the following message

PS C:\Users\Blah> $Users = import-csv c:\ExpirePasswords.csv
PS C:\Users\Blah> $Users | Foreach {
>> get-qaduser $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
>>
The term 'get-qaduser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
 spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:12
+ get-qaduser <<<<  $_.username | Set-qaduser Set-QADUser -PasswordNeverExpires $False -UserMustChangePassword $true}
    + CategoryInfo          : ObjectNotFound: (get-qaduser:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

What's going on.
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 36511099
Are you running this from within the Quest powershell console?

If not add this line to the script

add-pssnapin *Quest*
0
 

Author Comment

by:capt_morgan
ID: 36511551
I am running the Windows Powershell only.  I was not aware you have to run Quest powershell console.  

Will the script not work in native windows powershell?  Can you write this asa vbscript instead?

0
 
LVL 3

Expert Comment

by:gs121
ID: 36582827
over kill for powershell

Run ADUC go to save queries do custom query

highlight all the results, select properties and click the boxes

-Check     User must Change Password
-UnCheck Password Never Expires

*****************************************************
User-Non Expiring Password

Desc - Users with Non Expiring Passwords - Excluding Disabled Accounts

Query String -

(&(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=2)))


0
 

Author Comment

by:capt_morgan
ID: 36710033
Can this be converted to a VBscript instead.  I am only familiar with VBscripts and batch files.  
0
 
LVL 2

Accepted Solution

by:
MilesLogan earned 2000 total points
ID: 37395154
This tool will do the trick .. let me know if you need any help with it .

http://www.wisesoft.co.uk/software/bulkadusers/default.aspx

0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question