The script below lists users who haven’t changed passwords in 90 days.

$cutoff = (Get-Date).AddDays(-90)  # computed first: the AD filter parser resolves simple variables, not method calls
$users = Get-ADUser -Filter 'PasswordLastSet -lt $cutoff' -Properties PasswordLastSet, EmailAddress

Run the script below to automatically reset passwords for all identified users. This resets passwords to NewPassword123!.

foreach ($user in $users) {
    $newPassword = ConvertTo-SecureString "NewPassword123!" -AsPlainText -Force
    Set-ADAccountPassword -Identity $user.SamAccountName -NewPassword $newPassword -Reset
}

Ensure users update their passwords with a prompt to set a new password at the next login.

foreach ($user in $users) {
    Set-ADUser -Identity $user.SamAccountName -ChangePasswordAtLogon $true
}

Send email alerts to users about the reset.

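# Send-MailMessage needs a mail server: set $PSEmailServer beforehand or add -SmtpServer.
# $user.EmailAddress is only populated when Get-ADUser was called with -Properties EmailAddress.
foreach ($user in $users) {
    Send-MailMessage -To $user.EmailAddress -From "admin@yourdomain.com" -Subject "Password Reset" -Body "Your password has been reset. Please update it upon your next login."
}

Reset a user's password using the script below. Replace "NewPass@123" with the new password.
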
Set-ADAccountPassword -Identity username -NewPassword (ConvertTo-SecureString "NewPass@123" -AsPlainText -Force) -Reset

Force the user to change their password using the script below.

Set-ADUser -Identity username -ChangePasswordAtLogon $true

Yes, use a CSV file and script automation to reset passwords for multiple users in bulk.
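
The bulk reset from a CSV mentioned above, as an added example that is not part of the original page: it gives each account its own random temporary password instead of one shared value, then forces a change at next logon. The SamAccountName column, the sample account names and the New-TempPassword helper are assumptions.

```powershell
Import-Module ActiveDirectory

# Constructed sample input. With a real file use: $rows = Import-Csv -Path .\users.csv
$rows = @'
SamAccountName
jdoe
asmith
'@ | ConvertFrom-Csv

function New-TempPassword {
    param([int]$Length = 20)
    # 64 symbols, so each random byte maps onto the alphabet without modulo bias (256 % 64 = 0).
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $candidate = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
            # Retry until upper case, lower case and a digit are all present (typical complexity policy).
        } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and $candidate -cmatch '\d')
        return $candidate
    }
    finally { $rng.Dispose() }
}

# One result row per account; a failure on one account does not stop the rest.
$results = foreach ($row in $rows) {
    try {
        $user   = Get-ADUser -Identity $row.SamAccountName -ErrorAction Stop
        $plain  = New-TempPassword
        $secure = ConvertTo-SecureString $plain -AsPlainText -Force
        Set-ADAccountPassword -Identity $user -NewPassword $secure -Reset -ErrorAction Stop
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $user.SamAccountName; Status = 'Reset'; TempPassword = $plain }
    }
    catch {
        [pscustomobject]@{ SamAccountName = $row.SamAccountName; Status = "Failed: $($_.Exception.Message)"; TempPassword = $null }
    }
}

# Shown on the console only; pass each temporary password to its user out of band, not by email or log file.
$results | Format-Table -AutoSize
```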