Yesterday I had to enable a bunch of user accounts and set a default password for the users that I had migrated to a new AD.

The users had to have a new password, to be enabled and have removed the "The user have to change password at next logon".

Normally I would create a VB script to do those things, but I decided to see if this could be done using PowerShell.

First I had to tell PowerShell to use the Active Directory module:

Import-Module ActiveDirectory

Then I could cd "into" the AD by writing

CD AD:

The Get-ADUser cmdlet is used for finding alle the users in the OU and any sub OU and the Set-ADAccountPassword cmdlet to set the password:

Get-ADUser -filter * -SearchBase 'OU=UserAccounts,DC=domain,DC=local' | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassword" -Force)

Again the Get-ADUser is used together with the Set-ADUser cmdlet to enable the accounts and remove the "The user have to change password at next logon" option.

Get-ADUser -filter * -SearchBase 'OU=UserAccounts,DC=domain,DC=local' | Set-ADUser -Enable $True -ChangePasswordAtLogon $false

More AD PowerShell Cmdlets can be found here http://technet.microsoft.com/en-us/library/ee617195.aspx