I'm trying to reset passwords for my users, but in a controlled way, one store at a time. I'm using the command:

```powershell
Get-ADOrganizationalUnit -Filter 'Name -like "store-*"' | FT Name, DistinguishedName -AutoSize
```

to show all the OUs one level down, but I want to select from that list (1-20) the store I want to change.

Then I will use this code to reset the password flag for that store only:
```powershell
$days = 42 # change date here according to GPO.
$users = Get-ADUser -Filter { enabled -eq $true } -Properties pwdLastSet |
    Select-Object samaccountname, @{n = 'pwdLastSet'; e = { [DateTime]::FromFileTime($_.pwdLastSet) } } |
    Where-Object { $_.pwdlastset -lt (Get-Date).AddDays(-$days) }

foreach ($user in $users) {
    $sam = $user.samaccountname
    $todouser = Get-ADUser $sam -Properties pwdLastSet, distinguishedname
    $todouser.pwdLastSet = 0
    Set-ADUser -Instance $todouser
    $todouser.pwdLastSet = -1
    Set-ADUser -Instance $todouser
}
```

I want all admins to be able to pick a store and do all users, then move on. I just don't want to change all users in the company en masse on the same day - wow, what a disaster that would be.

I just can't find any code to take the output from the first line of code and make it into a choice list on screen, then take the choice and use it to help select the filter in the second part.

The easiest built-in method you can use in PowerShell to offer a selection is with `Out-GridView`, using `-OutputMode Single` to ensure that the users can only pick a single Organizational Unit. You can add a condition later on to ensure that the user made a selection.

Then for the filtering of users, you can include `-SearchBase` and `-SearchScope` to target that specific Organizational Unit and to specify if you want to look for users one level in that hierarchy or recursive search. You can also use the Active Directory filter to find users whose password has not been set in the past 42 days.

Lastly, `Set-ADUser` already has the `-ChangePasswordAtLogon` flag, much easier than manually setting `pwdLastSet`.
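
The steps described in the answer above, put together as an added example (not the answerer's original code). It assumes the ActiveDirectory module, the `store-*` OU naming and 42-day threshold from the question, and an LDAP filter in place of a `-Filter` expression; the `$scope` and `$dryRun` variables are introduced here for illustration.

```powershell
# Added example. Needs the ActiveDirectory module and a desktop session (Out-GridView is a GUI).
Import-Module ActiveDirectory

$days   = 42          # password age threshold from the question; match your GPO
$scope  = 'OneLevel'  # 'Subtree' also covers users in child OUs of the store
$dryRun = $true       # $true only reports (-WhatIf); set to $false to apply

# 1. Pick exactly one store OU; -OutputMode Single blocks multi-select.
$ou = Get-ADOrganizationalUnit -Filter 'Name -like "store-*"' |
    Sort-Object Name |
    Select-Object Name, DistinguishedName |
    Out-GridView -Title 'Select ONE store OU' -OutputMode Single

# 2. Cancelling the grid returns nothing: stop before any account is touched.
if (-not $ou) {
    Write-Warning 'No OU selected. No accounts were changed.'
    return
}

# 3. pwdLastSet is stored as a FILETIME integer, so build the cutoff in that unit.
$cutoff = (Get-Date).AddDays(-$days).ToFileTimeUtc()

# LDAP filter evaluated on the domain controller:
#   user objects that are not disabled (UAC bit 2),
#   not "password never expires" (UAC bit 65536; the cmdlet documentation says
#   ChangePasswordAtLogon cannot be set to $true on such accounts),
#   with a password older than the cutoff and not already flagged (pwdLastSet=0).
$ldapFilter = '(&(objectCategory=person)(objectClass=user)' +
    '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +
    '(!(userAccountControl:1.2.840.113556.1.4.803:=65536))' +
    "(pwdLastSet<=$cutoff)(!(pwdLastSet=0)))"

$users = @(Get-ADUser -LDAPFilter $ldapFilter -SearchBase $ou.DistinguishedName -SearchScope $scope)
Write-Host "$($users.Count) user(s) in '$($ou.Name)' have a password older than $days days."

# 4. Flag only the accounts found in the selected OU.
foreach ($user in $users) {
    Set-ADUser -Identity $user -ChangePasswordAtLogon $true -WhatIf:$dryRun
    if (-not $dryRun) {
        Write-Host "Flagged $($user.SamAccountName) to change password at next logon."
    }
}
```

Running it once with `$dryRun = $true` shows which accounts in the chosen store would be flagged before anything is written to the directory.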