Cristian

Reputation: 15

Disable ADuser if the user still has the check change password at next logon

I'm doing user audits, and I'm assigning the check change password at next logon. After xxx time I run a script to remove the check and disable the accounts that still have the check and export these users. I'm trying it this way and it's not working for me.

    Get-ADuser -LDAPfilter "(pwdLastSet=0)" | select SamAccountName |
        Out-File -FilePath .\users.txt -Append

    $users = get-content .\users.txt
    foreach ($Row in $users) {
        if(Get-ADUser -LDAPfilter "(sAMAccountName=$($Row.username))"){
            Set-ADUser -ChangePasswordAtLogon $false -Identity $Row.username
            Set-ADUser -Enabled $false -Identity $Row.username -Description "User Disabled after xxxxx days"
        }
    }

Does anyone know a way to do that and can help me? Thank you.

Upvotes: 0

Views: 215

Answers (1)

ArcSet

Reputation: 6860

The issue is at $Row.username.

$Row is not a hash table and has no properties. Therefore $Row.Username would equal nothing.

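    # -ExpandProperty writes bare account names; a plain "select" would also write a table header into the file
    Get-ADUser -LDAPFilter "(pwdLastSet=0)" | Select-Object -ExpandProperty SamAccountName | Out-File -FilePath .\users.txt -Force

    # Clear the flag, disable the account and set the description in one call per user
    Get-Content .\users.txt | ForEach-Object {
        Set-ADUser -Identity $_ -ChangePasswordAtLogon $false -Enabled $false -Description "User Disabled after xxxxx days"
    }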

Upvotes: 1
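
The same clean-up without the intermediate text file, as an added example that is not part of the original question or answer: it keeps the user objects in the pipeline, writes the export the question asks for as a CSV before anything is changed, and runs the change with `-WhatIf` first. The report path, the `$Reason` variable, the clause that skips already-disabled accounts and the `ReviewedAt` column are assumptions made for this example.

```powershell
# Added example; $ReportPath, $Reason and the -WhatIf dry run are assumptions.
Import-Module ActiveDirectory

$ReportPath = '.\disabled-users.csv'
$Reason     = 'User Disabled after xxxxx days'   # placeholder text from the question

# pwdLastSet=0 marks "must change password at next logon".
# The userAccountControl clause (bitwise AND with 2) skips accounts already disabled.
$filter = '(&(pwdLastSet=0)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

$targets = @(Get-ADUser -LDAPFilter $filter -Properties whenCreated, Description)

# Export first: once the flag is cleared the accounts no longer match the filter,
# so this file is the record of who was disabled and what the description was.
$targets |
    Select-Object SamAccountName, DistinguishedName, whenCreated, Description,
        @{ Name = 'ReviewedAt'; Expression = { Get-Date -Format o } } |
    Export-Csv -Path $ReportPath -NoTypeInformation -Append

foreach ($user in $targets) {
    try {
        # Remove -WhatIf once the dry-run output lists only the expected accounts.
        Set-ADUser -Identity $user.DistinguishedName `
                   -ChangePasswordAtLogon $false `
                   -Enabled $false `
                   -Description $Reason `
                   -WhatIf -ErrorAction Stop
    }
    catch {
        Write-Warning "Failed to update $($user.SamAccountName): $_"
    }
}
```

Accounts that were created but never given a password also have `pwdLastSet=0`, so the `whenCreated` column in the report is worth reviewing before the `-WhatIf` switch is removed.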
