How to enable the user must change password at next logon setting for Active Directory user accounts?
Read on to know how to modify the password settings of a user account in Active Directory using PowerShell and how you can get it done easily with ADManager Plus.
Windows PowerShell
- Identify the domain in which the account to be modified is located.
- Create and compile the script for changing the password setting of the AD account. Execute the script in PowerShell.
- Sample script for changing the password setting to 'user must change pass word at next logon' for an AD user account:
Copied
Set-ADUser -Identity 86843e63-a364-49e0-a7ea-6eeb8838a4f0-ChangePasswordAtLogon $true
Click to copy entire script
ADManager Plus
- Navigate to Management > User Management > Bulk User Management > Reset Password.
- Select the Password Setting, Domain and the User Account(s) you wish to change the password settings for. You can even import this list from a CSV file. Click Apply.
Screenshot
» Start 30-day Free Trial
Although modifying password settings for AD user accounts with native tools like PowerShell looks simple, it comes with a few limitations:
- The PowerShell script can be run only from the computers which have the Active Directory Domain Services role installed in them.
- Need for a new script, in case the password settings are to be changed for multiple users.
- The syntax, parameters and iterations need to be correct. A typo or incorrect syntax might be difficult to spot and rectify, especially when the script is a long one.
- Cannot delegate the modification of AD accounts or other AD management tasks to help desk technicians.
ADManager Plus lets you perform the same with a few clicks from its web-based GUI console. It also has options for modifying the password settings of multiple users simultaneously with templates or by importing a CSV file containing the modified attribute values.