Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, September 22, 2009 12:39 AM
Hello,
I've searched all over the net and tried many times myself, but I am unable to get this to work. I have migrated 172 users from cross forest and they are currently sitting in 'OU=Migration, OU=Kansas City, OU=Users' and I'm unable to figure out how to select just those users and what to attribute though powershell to set for each of them.
Thank for any help in advance,
All replies (6)
Tuesday, September 22, 2009 2:29 AM ✅Answered | 1 vote
Can you use the quest cmdlets?
http://www.quest.com/activeroles-server/arms.aspx
If so, you could do something like this:
Get-QADUser -SearchRoot 'OU=TestOU,DC=Domain,DC=COM' | Set-QADUser -UserMustChangePassword $false
This will pipe all of the users in the specified OU to the Set-QadUser cmdlet and remove the "User must change password at next logon" setting.
Wednesday, September 23, 2009 7:39 PM ✅Answered | 1 vote
By importing do you mean adding the quest snap-in? If so, here's how you would do it:
Add-PSSnapin Quest.ActiveRoles.ADManagement
For the searchroot you can use either DN or canonical name:
Get-QADUser -SearchRoot "OU=Child,OU=Parent,DC=Domain,DC=Com"
or
Get-QADUser -SearchRoot "domain.com/Parent/Child"
Wednesday, September 23, 2009 5:39 PM
I don't know how to import the quest cmdlets, but I 'll attempt figuring it out.
How do you specify an OU within an OU? I'm unable to specify any heirarchy. eg. 'OU=Parent,OU=Child,DC=Domain,DC=Com'
Thursday, July 17, 2014 2:19 PM
This is an old thread but here is a one liner...
get-qaduser -ou "your OU as a path" -don'tincludedefaultpropterties | % { set-quaduser $_.samAccountName -usermustchangepassword $true}
Wednesday, August 16, 2017 7:07 PM
Works perfectly!!! Went through and reset the attribute on 1174 migrated objects. Going to save a lot of extra admin time.
Stanley E. Noel Jr
Thursday, August 2, 2018 8:57 PM
The Set-ADUser Cmdlet has this option: -ChangePasswordAtLogon:$False
Get-ADUser (-identity or -filter) | Set-ADUser -ChangePasswordAtLogon:$False