Force all AD user account change their password at next logon using PowerShell
Updated: Aug 2, 2019
In this post this time, I will show how to force your AD user to change their password at next logon, but this time we use Powershell instead of GUI.
Sometime it happen that your user need to have their own password & they prefer to change by them-self , so as a Server Admin, you just execute few PowerShell command and all your users can change their own password on their next restart.
So lets get started then....
1 - on your AD Server, open PowerShell, and type Get-ADUser -Filter * -SearchBase "ou=MelakaBranch,dc=cpx,dc=local" | Format-Wide DistinguishedName
-- This command you just execute is to verify that you have full of users listed in that particular OU.
-- for this demo I'm using MelakaBranch OU (for those who follow my blog, you notice since the beginning of all deployment, i'm using the same OU for demo purposes)
2 - next, type this command to allow all users in that particular OU (MelakaBranch) to change their password at next logon.
Get-ADUser -Filter * -SearchBase "ou=MelakaBranch,dc=cpx,dc=local" | Set-ADUser -ChangePasswordAtLogon $true
3 - Next, turn on your Windows 8 machine, key in one of the user name available in MelakaBranch OU, for this demo I'm using user name Dylan.
4 - Dylan have to enter his own password here.. and press enter
5. and finally, your user now set his own password.