Skip to content

Force all AD user accounts change their passwords at next logon using PowerShell

July 11, 2013

In this post this time, I will show how to force your AD user to change their password at next logon, but this time we use Powershell instead of GUI.

Sometime it happen that your user need to have their own password & they prefer to change by them-self , so as a Server Admin, you just execute few PowerShell command and all your users can change their own password on their next restart.

So lets get started then….

1 – on your AD Server, open PowerShell, and type Get-ADUser -Filter * -SearchBase “ou=MelakaBranch,dc=cpx,dc=local” | Format-Wide DistinguishedName

— This command you just execute is to verify that you have full of users listed in that particular OU.

— for this demo I’m using MelakaBranch OU (for those who follow my blog, you notice since the beginning of all deployment, i’m using the same OU for demo purposes)



2 – next, type this command to allow all users in that particular OU (MelakaBranch) to change their password at next logon.

Get-ADUser -Filter * -SearchBase “ou=MelakaBranch,dc=cpx,dc=local” | Set-ADUser -ChangePasswordAtLogon $true



3 – Next, turn on your Windows 8 machine, key in one of the user name available in MelakaBranch OU, for this demo I’m using user name Dylan.





4 – Dylan have to enter his own password here.. and press enter



and finally, your user now set his own password.


Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: