
Force all staff to reset passwords with specific requirements

Last Modified: 2014-05-02
Hi Experts,

I need a script that will go through AD and force certain staff to change their password.

So hopefully some genius can help on here ;-)

What I need the script to do.

If a user has a staff ID between 100000-500000 and has an email address & they have not changed their password within the past week then make them change password on next login.

Hope someone can help

Thanks

Author

Commented:
Staff ID is employee ID

Author

Commented:
thanks, is there a way to target specific OUs to test first? Also perhaps output to a log file so we can see what was changed?

Author

Commented:
sorry just noticed the -searchbase...!

Author

Commented:
also would be good to have one that would emulate first so that we can verify if all accounts selected are ok to change, then exclude any if required. Appreciate your help ;-)
Rory Clerkin, IT Manager

Commented:
To list who has an old password:
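    # pwdLastSet is stored as a FILETIME integer, so the 7-day cutoff is converted to match
    $Cutoff = (Get-Date).AddDays(-7).ToFileTimeUtc()
    # employeeID is a string attribute, so -ge/-lt compare as text;
    # the six-digit check in Where-Object keeps the range numeric
    Get-ADUser -Filter {(employeeID -ge "100000") -and (employeeID -lt "500000") -and (pwdLastSet -lt $Cutoff) -and (pwdLastSet -ne "0") -and (EmailAddress -like "*")} -Properties DisplayName,EmailAddress,employeeID,SamAccountName,distinguishedName |
        Where-Object { $_.employeeID -match '^\d{6}$' } |
        Sort-Object EmailAddress |
        Format-Table DisplayName,EmailAddress,SamAccountName,distinguishedName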


To force the user to reset their password at next logon:
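    # Same selection as the listing above; pwdLastSet -ne "0" skips accounts already flagged to change
    $Cutoff = (Get-Date).AddDays(-7).ToFileTimeUtc()
    # employeeID is a string attribute, so the six-digit check keeps the range numeric
    Get-ADUser -Filter {(employeeID -ge "100000") -and (employeeID -lt "500000") -and (pwdLastSet -lt $Cutoff) -and (pwdLastSet -ne "0") -and (EmailAddress -like "*")} -Properties DisplayName,EmailAddress,employeeID,SamAccountName,distinguishedName |
        Where-Object { $_.employeeID -match '^\d{6}$' } |
        Set-ADUser -ChangePasswordAtLogon $true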



You would take care of the password complexity with your password policy set in Group Policy. Details on this page:
http://technet.microsoft.com/en-us/library/cc875814.aspx

Details on the filter for the Get-ADUser can be found on this page:
http://technet.microsoft.com/en-us/library/ee617241.aspx

Rory

Author

Commented:
thanks Rory.

I need to be able to target OUs though and also exclude various users. Can the above codes also output to a txt or csv file?

Author

Commented:
perfect, can we also exclude disabled users and show OU location?

Author

Commented:
Got it :-)

 -and (Enabled -eq $true)
Rory Clerkin, IT Manager

Commented:
Exactly, and the distinguishedName that is returned includes the OU.

Author

Commented:
Thanks all, thought it was only fair to allocate becraig a few points for helping first of all.
Rory Clerkin, IT Manager

Commented:
Glad to have helped.
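
The requests made across this thread (test OU via -SearchBase, an exclusion list, enabled accounts only, a dry run before changing anything, and a log of what was touched) combined into one script. This is an added example, not code posted by anyone in the thread; the OU path, the excluded account name and the log path are placeholders.

```powershell
# Added example, not code from the thread. OU, exclusion list and log path are placeholders.
param(
    [string]   $SearchBase = 'OU=Pilot,DC=example,DC=com',  # placeholder test OU
    [string[]] $Exclude    = @('svc-example'),               # placeholder sAMAccountNames to skip
    [string]   $LogPath    = '.\ForcePasswordChange.csv',
    [switch]   $Apply                                        # omit for a dry run
)
Import-Module ActiveDirectory

$Cutoff = (Get-Date).AddDays(-7).ToFileTimeUtc()

$Targets = Get-ADUser -SearchBase $SearchBase -Filter {(employeeID -ge "100000") -and (employeeID -lt "500000") -and (pwdLastSet -lt $Cutoff) -and (pwdLastSet -ne "0") -and (EmailAddress -like "*") -and (Enabled -eq $true)} -Properties EmailAddress,employeeID,PasswordNeverExpires |
    Where-Object {
        # employeeID is a string, so the filter range is textual; require six digits
        $_.employeeID -match '^\d{6}$' -and
        $Exclude -notcontains $_.SamAccountName
    }

$Mode = if ($Apply) { 'Applied' } else { 'DryRun' }
$Log = foreach ($User in $Targets) {
    $Result = $Mode
    if ($User.PasswordNeverExpires) {
        # Set-ADUser rejects -ChangePasswordAtLogon $true on these accounts
        $Result = 'Skipped-PasswordNeverExpires'
    } else {
        try {
            # -WhatIf:$true reports the change without writing it
            Set-ADUser -Identity $User -ChangePasswordAtLogon $true -WhatIf:(-not $Apply) -ErrorAction Stop
        } catch {
            $Result = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        Time              = Get-Date -Format s
        Result            = $Result
        SamAccountName    = $User.SamAccountName
        EmployeeID        = $User.employeeID
        EmailAddress      = $User.EmailAddress
        DistinguishedName = $User.DistinguishedName
    }
}
$Log | Export-Csv -Path $LogPath -NoTypeInformation
$Log | Format-Table Result,SamAccountName,EmployeeID,DistinguishedName
```

Run it without -Apply first, review the CSV and add any accounts to -Exclude, then rerun with -Apply.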
