Windows Server 2016-批量设置用户下次登陆须更改密码

 

Windows Server 2016-批量设置用户下次登陆须更改密码

https://blog.csdn.net/weixin_34233856/article/details/92367828

Powershell设置某OU下所有用户下次登陆必须更改密码：

Get-ADUser -Filter * -SearchBase "ou=syncall,dc=azureyun,dc=com" |Set-ADUser -ChangePasswordAtLogon $flase

批量取消当前域环境中已勾选下次登陆必须更改密码选项：

Get-ADUser -Filter * | foreach {Set-ADUser -Identity $_.SamAccountName -ChangePasswordAtLogon $false}

参考网站

Modifying an Attribute for Several Users at Once

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd391846(v=ws.10)?redirectedfrom=MSDN

• 07/02/2012
• 2 minutes to read

Applies To: Windows Server 2008 R2

This topic explains how to use the Active Directory module for Windows PowerShell to modify an attribute in Active Directory Domain Services (AD DS) for several users at once.

Example

The following example demonstrates how to retrieve the user objects in the organizational unit (OU) Finance and set their description attribute:

Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" | Set-ADUser -Description "Member of the Finance Department"

Additional information

You can use the following parameters when you set many of the common values that are associated with a user object in AD DS:

• -AccountExpirationDate

• -AccountNotDelegated

• -AccountPassword

• -AllowReversiblePasswordEncryption

• -CannotChangePassword

• -ChangePasswordAtLogon

• -Enabled

• -PasswordNeverExpires

• -PasswordNotRequired

• -SmartcardLogonRequired

• -TrustedForDelegation

• -DisplayName

• -GivenName

• -Initials

• -OtherName

• -Surname

• -Description

• -City

• -Country

• -POBox

• -PostalCode

• -State

• -StreetAddress

• -Company

• -Department

• -Division

• -EmployeeID

• -EmployeeNumber

• -Manager

• -Office

• -Organization

• -Title

• -Fax

• -HomePhone

• -MobilePhone

• -OfficePhone

• -EmailAddress

• -HomeDirectory

• -HomeDrive

• -HomePage

• -ProfilePath

• -ScriptPath

• -Certificates

• -LogonWorkstations

• -PermittedLogonTimes

• -UserPrincipalName

• -ServicePrincipalNames

In addition to the standard Lightweight Directory Access Protocol (LDAP) attributes, you can retrieve the following extended properties of the Get-ADUser cmdlet by using the -Properties parameter:

• City

• Country

• EmailAddress

• Fax

• LogonWorkstations

• MobilePhone

• Office

• OfficePhone

• Organization

• OtherName

• POBox

• SmartcardLogonRequired

• State

• Surname

For a full explanation of the parameters that you can pass to Set-ADUser or Get-ADUser, at the Active Directory module command prompt, type Get-Help Set-ADUser –detailed or Get-Help Get-ADUser –detailed, and then press ENTER.