Changing AD users using PowerShell

by Thomas Forsmark Sørensen 28. June 2010 14:57

Yesterday I had to enable a bunch of user accounts and set a default password for the users that I had migrated to a new AD.

The users had to have a new password, to be enabled and have removed the "The user have to change password at next logon".

Normally I would create a VB script to do those things, but I decided to see if this could be done using PowerShell.

First I had to tell PowerShell to use the Active Directory module:

Import-Module ActiveDirectory

Then I could cd "into" the AD by writing


The Get-ADUser cmdlet is used for finding alle the users in the OU and any sub OU and the Set-ADAccountPassword cmdlet to set the password:

Get-ADUser -filter * -SearchBase 'OU=UserAccounts,DC=domain,DC=local' | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassword" -Force)

Again the Get-ADUser is used together with the Set-ADUser cmdlet to enable the accounts and remove the "The user have to change password at next logon" option.

Get-ADUser -filter * -SearchBase 'OU=UserAccounts,DC=domain,DC=local' | Set-ADUser -Enable $True -ChangePasswordAtLogon $false

More AD PowerShell Cmdlets can be found here

Powered by BlogEngine.NET
Theme by Mads Kristensen | Modified by Mooglegiant

About Me


My name is Thomas Forsmark Sørensen.

I live in Odense in Denmark and work for Globeteam in Virum.

I am working as a Microsoft Infrastructure consultant with main focus on application and Operating System Deployment.

I work mostly with Microsoft System Center Configuration Manager 2012 R2 and MDT 2013, but I also work with other of Microsofts products. 


<<  April 2021  >>

View posts in large calendar