Force user to change password

I’ve always liked scripting against Active Directory as it has one of the potentially richest environments for automation. Normally I use the Quest or Microsoft cmdlets but every now and then it’s fun to go back to using ADSI.

I came across this problem:

How do I get a user name and then force the user to change their password at next logon?

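# Prompt for the name of the account to flag
$user = Read-Host "Input user name"
# Bind to the root of the current domain
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$root = $dom.GetDirectoryEntry()
# Search for a user object whose Name matches the input
$search = [System.DirectoryServices.DirectorySearcher]$root
$search.Filter = "(&(objectclass=user)(objectcategory=user)(Name=$user))"
$search.SizeLimit = 3000
$result = $search.FindOne()
if ($null -eq $result) { throw "No user named '$user' was found" }
$target = $result.GetDirectoryEntry()
# pwdLastSet = 0 forces a password change at next logon
$target.pwdLastSet = 0
$target.SetInfo()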

Use Read-Host to get the user name, then perform a directory search for that name. Get a directory entry for the matching user and set pwdLastSet = 0, which is what forces the password change at next logon.
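
The search filter is built directly from the Read-Host input, so a name containing `*`, `(`, `)` or `\` changes what the search matches and FindOne() can return a different account than the one intended. The following is an added example, not code from the original post, that escapes the value per RFC 4515 before it goes into the filter; the function names are hypothetical and the sample names are constructed.

```powershell
# Added example: escape a value before placing it in an LDAP search filter.
# Function names are hypothetical; the filter shape is the one used in the post.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    # RFC 4515: \ * ( ) and NUL are written as a backslash plus two hex digits
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function New-UserNameFilter {
    param([Parameter(Mandatory)][string]$Name)
    # Reject whitespace-only input rather than searching for it
    if ([string]::IsNullOrWhiteSpace($Name)) { throw 'User name must not be empty' }
    $safe = ConvertTo-LdapFilterValue -Value $Name
    "(&(objectclass=user)(objectcategory=user)(Name=$safe))"
}

# Constructed sample inputs: an ordinary name, a name with parentheses,
# and input that would otherwise act as a wildcard or rewrite the filter.
$samples = 'Jane Doe', 'Smith (Contractor)', '*', 'x)(objectclass=*'
foreach ($s in $samples) {
    '{0,-20} -> {1}' -f $s, (New-UserNameFilter -Name $s)
}
```

Assign the output of New-UserNameFilter to $search.Filter in place of the interpolated string.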
