Requiring a User to Change a Password at Next Logon

Applies To: Windows Server 2008 R2

This topic explains how to use the Active Directory module for Windows PowerShell to require a user to change their password the next time that they log on.

Example

The following example demonstrates how to require the user TonyAllen to change his password the next time that he logs on:

Set-ADUser -Identity TonyAllen -ChangePasswordAtLogon $true
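
The following added example (not part of the original topic and not Microsoft's code) applies the setting to several accounts, skips accounts where it conflicts with PasswordNeverExpires or CannotChangePassword, and confirms the result by reading back pwdLastSet, which AD DS sets to 0 when a password change is required. The function name Set-ForcedPasswordChange and the account SvcBackup are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module and rights to modify the target users.
Import-Module ActiveDirectory

function Set-ForcedPasswordChange {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Identity
    )
    process {
        foreach ($id in $Identity) {
            $user = Get-ADUser -Identity $id -Properties PasswordNeverExpires, CannotChangePassword
            $status = 'Skipped'

            if ($user.PasswordNeverExpires) {
                # Cmdlet help: -ChangePasswordAtLogon cannot be $true when PasswordNeverExpires is true.
                $reason = 'PasswordNeverExpires is set'
            }
            elseif ($user.CannotChangePassword) {
                # The user could not satisfy the change prompt and would be unable to log on.
                $reason = 'CannotChangePassword is set'
            }
            elseif ($PSCmdlet.ShouldProcess($user.SamAccountName, 'Require password change at next logon')) {
                Set-ADUser -Identity $user -ChangePasswordAtLogon $true
                # AD DS records the requirement as pwdLastSet = 0; read it back to confirm.
                $check = Get-ADUser -Identity $user -Properties pwdLastSet
                if ($check.pwdLastSet -eq 0) { $status = 'Flagged'; $reason = 'pwdLastSet is 0' }
                else { $status = 'Failed'; $reason = "pwdLastSet is $($check.pwdLastSet)" }
            }
            else { $reason = 'Declined or -WhatIf' }

            # New-Object is used instead of [pscustomobject] so this also runs on PowerShell 2.0.
            New-Object PSObject -Property @{
                SamAccountName = $user.SamAccountName
                Status         = $status
                Reason         = $reason
            }
        }
    }
}

# Constructed input: TonyAllen is the user from this topic; SvcBackup is a hypothetical service account.
'TonyAllen', 'SvcBackup' | Set-ForcedPasswordChange -WhatIf
```

Remove -WhatIf to apply the change; the returned objects show which accounts were flagged and which were skipped and why.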

Additional information

You can use the following parameters when you set many of the common values that are associated with a user object in Active Directory Domain Services (AD DS):

  • -AccountExpirationDate

  • -AccountNotDelegated

  • -AccountPassword

  • -AllowReversiblePasswordEncryption

  • -CannotChangePassword

  • -ChangePasswordAtLogon

  • -Enabled

  • -PasswordNeverExpires

  • -PasswordNotRequired

  • -SmartcardLogonRequired

  • -TrustedForDelegation

  • -DisplayName

  • -GivenName

  • -Initials

  • -OtherName

  • -Surname

  • -Description

  • -City

  • -Country

  • -POBox

  • -PostalCode

  • -State

  • -StreetAddress

  • -Company

  • -Department

  • -Division

  • -EmployeeID

  • -EmployeeNumber

  • -Manager

  • -Office

  • -Organization

  • -Title

  • -Fax

  • -HomePhone

  • -MobilePhone

  • -OfficePhone

  • -EmailAddress

  • -HomeDirectory

  • -HomeDrive

  • -HomePage

  • -ProfilePath

  • -ScriptPath

  • -Certificates

  • -LogonWorkstations

  • -PermittedLogonTimes

  • -UserPrincipalName

  • -ServicePrincipalNames

For a full explanation of the parameters that you can pass to Set-ADUser, at the Active Directory module command prompt, type Get-Help Set-ADUser -detailed, and then press ENTER.