Password Management Using Active directory PowerShell Module

Continuing from yesterday’s post today I’ll show you how manage and control users’ password settings using the Active directory PowerShell Module.

In this article I’m going to explore a few ways we can manage passwords using the AD Module, the first option Is setting a new password using the cmdlet below that will set a user name Dave with a new password:

Set-ADAccountPassword Dave -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPass770" -Force -Verbose)


If you need to change the password to multiple users see my article, Change User Or Multiple Users Password Using PowerShell

I can also set the password to never expire using:

Set-ADUser dave -PasswordNeverExpires $true -PassThru

And force the user to change password at next logon:

Set-ADUser dave -ChangePasswordAtLogon $true -PassThru

And I can also set the user not to be able to change password:

Set-ADUser dave -CannotChangePassword $true -PassThru

I can also apply all of the above to all users under an OU as seen below:

Get-ADUser -Filter 'Name -like "*"' -SearchBase 'OU=dev,DC=test,DC=local' | Set-ADUser -PasswordNeverExpires $false -Verbose -PassThru