Description

This PowerShell script can be used update the pwdLastSet (User Must Change Password at Next Logon) value in Active Directory.  You can use “0” or “-1” to enable to disable this option:

0 to enable the User must change password at next logon option

-1 to disable the User must change password at next logon option

More info: http://portal.sivarajan.com/2011/07/user-must-change-password-at-next.html

Script

PowerShell
Edit|Remove
<# 
This script updates the "User must change password at next logon" value (pwdLastSet) 
 
www.sivarajan.com 
 
#> 
clear 
$PLSValue = 0 
#0 to enable the User must change password at next logon option 
#-1 to disable the User must change password at next logon option 
$ObjFilter = "(&(objectCategory=person)(objectCategory=User))"  
    $objSearch = New-Object System.DirectoryServices.DirectorySearcher  
    $objSearch.PageSize = 15000  
    $objSearch.Filter = $ObjFilter   
    $objSearch.SearchRoot = "LDAP://OU=User Accounts,DC=santhosh,DC=lab"  
    $AllObj = $objSearch.FindAll()  
    foreach ($Obj in $AllObj)  
           { 
            $objItemS = $Obj.Properties 
            $UserN = $objItemS.name 
            $UserDN = $objItemS.distinguishedname 
            $user = [ADSI] "LDAP://$userDN" 
            $user.psbase.invokeSet("pwdLastSet",$PLSValue) 
            Write-host -NoNewLine "Modifying $UserN Properties...." 
            $user.setinfo() 
            Write-host "Done!" 
            }