Force user to change password
I’ve always liked scripting against Active Directory as it is potentially one of the richest environments for automation. Normally I use the Quest or Microsoft cmdlets, but every now and then it's fun to go back to using ADSI.
I came across this problem:
How do I get a user name and then force the user to change their password at next logon?
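$user = Read-Host "Input user name"

# Bind to the root of the current domain
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()

# Search the directory for the user by name
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(&(objectclass=user)(objectcategory=user)(Name=$user))"
$search.SizeLimit = 3000
$result = $search.FindOne()

# FindOne() returns $null when nothing matches, so stop before dereferencing it
if ($null -eq $result) { throw "User '$user' not found" }

# Setting pwdLastSet to 0 forces a password change at next logon
$target = $result.GetDirectoryEntry()
$target.Put("pwdLastSet",0)
$target.SetInfo()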
Use Read-Host to get the user name, perform a directory search for that name, get a directory entry for the user, then set pwdLastSet to 0 and call SetInfo() to write the change back.
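The same steps with the typed input escaped before it reaches the LDAP filter, as an added example that is not part of the original post. It assumes matching on sAMAccountName (unique per domain) rather than Name, and the function names ConvertTo-LdapFilterValue and Set-ChangePasswordAtNextLogon are hypothetical.

```powershell
# Added example: function names are hypothetical, not from the original post.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515: \ * ( ) and NUL must be written as \XX hex inside a filter value,
    # otherwise input such as "*" or "a)(cn=*" changes what the search matches.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Set-ChangePasswordAtNextLogon {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $dom    = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $root   = $dom.GetDirectoryEntry()
    $search = New-Object System.DirectoryServices.DirectorySearcher($root)
    $safe   = ConvertTo-LdapFilterValue $SamAccountName
    $search.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    [void]$search.PropertiesToLoad.Add('userAccountControl')

    $results = $null
    try {
        $results = $search.FindAll()
        # Refuse to act unless exactly one account matched.
        if ($results.Count -ne 1) {
            throw "Expected one match for '$SamAccountName', found $($results.Count)."
        }
        $result = $results[0]

        # 0x10000 = DONT_EXPIRE_PASSWORD. With this flag set the password is
        # treated as never expiring, so pwdLastSet = 0 would not force a change.
        $uac = [int]$result.Properties['useraccountcontrol'][0]
        if ($uac -band 0x10000) {
            Write-Warning "'$SamAccountName' has 'password never expires' set; no change made."
            return
        }

        $target = $result.GetDirectoryEntry()
        $target.Put('pwdLastSet', 0)
        $target.SetInfo()
    }
    finally {
        if ($results) { $results.Dispose() }
        $search.Dispose()
    }
}

Set-ChangePasswordAtNextLogon -SamAccountName (Read-Host "Input user name")
```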