Export (0) Print
Expand All

Requiring a User to Change a Password at Next Logon

Updated: February 28, 2009

Applies To: Windows Server 2008 R2

This topic explains how to use the Active Directory module for Windows PowerShell to require a user to change his or her password the next time that they log on.

The following example demonstrates how to require the user TonyAllen to change his password the next time that he logs on:

Set-ADUser -Identity TonyAllen -ChangePasswordAtNextLogon $true

You can use the following parameters when you set many of the common values that are associated with a user object in Active Directory Domain Services (AD DS):

  • -AccountExpirationDate

  • -AccountNotDelegated

  • -AccountPassword

  • -AllowReversiblePasswordEncryption

  • -CannotChangePassword

  • -ChangePasswordAtLogon

  • -Enabled

  • -PasswordNeverExpires

  • -PasswordNotRequired

  • -SmartcardLogonRequired

  • -TrustedForDelegation


  • -DisplayName

  • -GivenName

  • -Initials

  • -OtherName

  • -Surname

  • -Description


  • -City

  • -Country

  • -POBox

  • -PostalCode

  • -State

  • -StreetAddress


  • -Company

  • -Department

  • -Division

  • -EmployeeID

  • -EmployeeNumber

  • -Manager

  • -Office

  • -Organization

  • -Title


  • -Fax

  • -HomePhone

  • -MobilePhone

  • -OfficePhone


  • -EmailAddress

  • -HomeDirectory

  • -HomeDrive

  • -HomePage

  • -ProfilePath

  • -ScriptPath


  • -Certificates

  • -LogonWorkstations

  • -PermittedLogonTimes

  • -UserPrincipalName

  • -ServicePrincipalNames

For a full explanation of the parameters that you can pass to Set-ADUser, at the Active Directory module command prompt, type Get-Help Set-ADUser –detailed, and then press ENTER.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft