by Thomas Forsmark Sørensen
28. June 2010 14:57
Yesterday I had to enable a bunch of user accounts and set a default password for the users that I had migrated to a new AD.
The users had to have a new password, to be enabled and have removed the "The user have to change password at next logon".
Normally I would create a VB script to do those things, but I decided to see if this could be done using PowerShell.
First I had to tell PowerShell to use the Active Directory module:
Import-Module ActiveDirectory
Then I could cd "into" the AD by writing
CD AD:
The Get-ADUser cmdlet is used for finding alle the users in the OU and any sub OU and the Set-ADAccountPassword cmdlet to set the password:
Get-ADUser -filter * -SearchBase 'OU=UserAccounts,DC=domain,DC=local' | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassword" -Force)
Again the Get-ADUser is used together with the Set-ADUser cmdlet to enable the accounts and remove the "The user have to change password at next logon" option.
Get-ADUser -filter * -SearchBase 'OU=UserAccounts,DC=domain,DC=local' | Set-ADUser -Enable $True -ChangePasswordAtLogon $false
More AD PowerShell Cmdlets can be found here http://technet.microsoft.com/en-us/library/ee617195.aspx