Windows Server -批量设置用户下次登陆须更改密码

/weixin_34233856/article/details/92367828

Powershell设置某OU下所有用户下次登陆必须更改密码：

Get-ADUser-Filter*-SearchBase"ou=syncall,dc=azureyun,dc=com"|Set-ADUser-ChangePasswordAtLogon$flase

批量取消当前域环境中已勾选下次登陆必须更改密码选项：

Get-ADUser-Filter*|foreach{Set-ADUser-Identity$_.SamAccountName-ChangePasswordAtLogon$false}

参考网站

Modifying an Attribute for Several Users at Once

/en-us/previous-versions/windows/it-pro/windows-server--R2-and-/dd391846(v=ws.10)?redirectedfrom=MSDN

07/02/2 minutes to read

Applies To: Windows Server R2

This topic explains how to use the Active Directory module for Windows PowerShell to modify an attribute in ActiveDirectory Domain Services (ADDS) for several users at once.

Example

The following example demonstrates how to retrieve the user objects in the organizational unit (OU) Finance and set their description attribute:

Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM" | Set-ADUser -Description "Member of the Finance Department"

Additional information

You can use the following parameters when you set many of the common values that are associated with a user object in ADDS:

-AccountExpirationDate

-AccountNotDelegated

-AccountPassword

-AllowReversiblePasswordEncryption

-CannotChangePassword

-ChangePasswordAtLogon

-Enabled

-PasswordNeverExpires

-PasswordNotRequired

-SmartcardLogonRequired

-TrustedForDelegation

-DisplayName

-GivenName

-Initials

-OtherName

-Surname

-Description

-City

-Country

-POBox

-PostalCode

-State

-StreetAddress

-Company

-Department

-Division

-EmployeeID

-EmployeeNumber

-Manager

-Office

-Organization

-Title

-Fax

-HomePhone

-MobilePhone

-OfficePhone

-EmailAddress

-HomeDirectory

-HomeDrive

-HomePage

-ProfilePath

-ScriptPath

-Certificates

-LogonWorkstations

-PermittedLogonTimes

-UserPrincipalName

-ServicePrincipalNames

In addition to the standard Lightweight Directory Access Protocol (LDAP) attributes, you can retrieve the following extended properties of theGet-ADUsercmdlet by using the-Propertiesparameter:

City

Country

EmailAddress

Fax

LogonWorkstations

MobilePhone

Office

OfficePhone

Organization

OtherName

POBox

SmartcardLogonRequired

State

Surname

For a full explanation of the parameters that you can pass toSet-ADUserorGet-ADUser, at the Active Directory module command prompt, typeGet-Help Set-ADUser –detailedorGet-Help Get-ADUser –detailed, and then press ENTER.