How to force users to change NT password

Posted on 2014-04-23
Last Modified: 2014-04-23

Is there a way to run a script, command or something to force users to change their NT password on their next logon? We can force it by checking the box under Account tab on Users/Computers but it will be hard to do that with over 500 users.

Thank you in advance!
Question by:Help DeskLF
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 29

Expert Comment

ID: 40018457
you should be able to do this with set-aduser

Something like below should work.
What it does principally is set the flag to 0 so the user has to change their password the next time they login.
import-module ac*
gc users.csv | %{
$samaccountname = $_
Get-ADUser $samaccountname -Properties pwdLastSet   | Set-ADUser -Instance $_.pwdLastSet = 0 

Open in new window

One of the PS gurus could probably make this a lot cleaner but that is the idea

Accepted Solution

WebDevEM earned 400 total points
ID: 40018458

I would look at PowerShell for that... there's a conversation at which has some good discussion and examples.  The basic idea is this:
get-aduser -Filter * -SearchBase "OU=Users,DC=example,DC=com" | set-aduser -ChangePasswordAtLogon $True

Open in new window

Hope this gets you on the right track - I'm fairly new to PS scripting, but that seems to be the way to go for something like this.

LVL 29

Expert Comment

ID: 40018475
you can also if you have the user SAM accounts run

import-module ac*
gc users.csv | %{
$samaccountname = $_
Set-ADUser -Identity $samaccountname -ChangePasswordAtNextLogon $true

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question