Requiring a User to Change a Password at Next Logon
Applies To: Windows Server 2008 R2
This topic explains how to use the Active Directory module for Windows PowerShell to require a user to change his or her password the next time that they log on.
Example
The following example demonstrates how to require the user TonyAllen to change his password the next time that he logs on:
Set-ADUser -Identity TonyAllen -ChangePasswordAtNextLogon $true
Additional information
You can use the following parameters when you set many of the common values that are associated with a user object in Active Directory Domain Services (AD DS):
-AccountExpirationDate
-AccountNotDelegated
-AccountPassword
-AllowReversiblePasswordEncryption
-CannotChangePassword
-ChangePasswordAtLogon
-Enabled
-PasswordNeverExpires
-PasswordNotRequired
-SmartcardLogonRequired
-TrustedForDelegation
-DisplayName
-GivenName
-Initials
-OtherName
-Surname
-Description
-City
-Country
-POBox
-PostalCode
-State
-StreetAddress
-Company
-Department
-Division
-EmployeeID
-EmployeeNumber
-Manager
-Office
-Organization
-Title
-Fax
-HomePhone
-MobilePhone
-OfficePhone
-EmailAddress
-HomeDirectory
-HomeDrive
-HomePage
-ProfilePath
-ScriptPath
-Certificates
-LogonWorkstations
-PermittedLogonTimes
-UserPrincipalName
-ServicePrincipalNames
For a full explanation of the parameters that you can pass to Set-ADUser, at the Active Directory module command prompt, type Get-Help Set-ADUser –detailed, and then press ENTER.