Pricing  Get Quote
 
 

Change user password at first logon using PowerShell

The below scripts can force users belonging to specific OUs to change their passwords during their next logon. Often, using PowerShell can be complex and time consuming.

ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, offers an option that, when enabled, forces users to change their password every time they logon after a password reset (self-service or automated password reset).

Here is a comparison between forcing users to change their passwords using PowerShell and ADSelfService Plus:

PowerShell

Enter the following PowerShell script to force the users belonging to a specific OU to change their passwords during the next logon:
Get-ADUser -Filter * -SearchBase “OU=<specify-OU-name>,DC=<specify-subdomain-name>,DC=<specify-domain-name>,DC=com” | Set-ADUser -CannotChangePassword:$false -PasswordNeverExpires:$false -ChangePasswordAtLogon:$true
 Copied
Click to copy entire script

ADSelfService Plus

In ADselfService Plus:
  • Go to Configuration > Policy Configuration.
  • Create a new policy.
  • Once the information required to create the policy is provided, click on Advanced, navigate to the Reset & Unlock tab and select the Upon password reset, force users to change password at next logon checkbox.
  • Click OK and in the Policy Configuration section, click Save.
Advantages of ADSelfService Plus:
  • Quick configuration:

    In ADSelfService Plus, users can be forced to change their passwords during the next logon following a password reset by a few clicks and entering minimal information. In PowerShell, this requires creating, debugging, and running scripts.

  • Forced password changes:

    Choose who should be forced to change their passwords: When creating an ADSelfService policy, administrators can select the domain, OUs, and groups whose users should be forced to change their password during the next logon following a password reset. Using PowerShell to force specific users to change their passwords will require creating an extensive script

  • Data management:

    ADSelfService Plus does not store the user's credentials anywhere, unlike the above PowerShell script which requires storing the user's credentials in the script.

  • Enforcing strong passwords:

    ADSelfService Plus' Password Policy Enforcer allows administrators to create and enforce custom password policies that inhibit the creation of weak passwords that are vulnerable to hacks. Again, in ADSelfService Plus, this can be done in a few clicks, unlike PowerShell which involves creating scripts

  • Synchronize AD password with enterprise applications:

    Using ADSelfService Plus' Password Synchronization feature, any changes made to the users' passwords can be automatically synchronized with their user account in enterprise applications like G Suite and Office 365.

Force users to change their Active Directory passwords

  Get 30-day free trial.
  • Embark on your script-free AD Self-service password management with ADSelfService Plus.
  •  
  • By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.
  • Thank you for downloading!

    Your download should begin automatically in 15 seconds. If not, click here to download manually.

    Thank you for downloading!

    Your download should begin automatically in 15 seconds. If not, click here to download manually.

Related Resources

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link