Power shell script for blocking an Active Directory user account if the password is not changed with

Time:04-04

Is it possible to block a user account if the user does not change his password after 24 hours from the moment the administrator restarts the user's password?

CodePudding user response:

The following solution is not bulletproof, as it relies on the whenChanged attribute, which might be updated for any other reason (something else changed on the object).

It is a PowerShell script that could be executed multiple times a day to stay close to the 24-hour password change timeframe. It will get all enabled users which have to change their password and whose user object has not been modified within 1 day.

# Cut-off: objects not modified for at least one day
$MaxLastChanged = (Get-Date).AddDays(-1)
# pwdLastSet = 0 means "user must change password at next logon";
# whenChanged is the last modification time of the object (see the caveat above)
$Filter = { (pwdLastSet -eq 0) -and (Enabled -eq $true) -and (whenChanged -lt $MaxLastChanged) }
$AllUsersToGetDisabled = Get-ADUser -Filter $Filter -Properties WhenChanged

foreach ($User in $AllUsersToGetDisabled) {
    Disable-ADAccount -Identity $User
}

Create a scheduled task for it and you will be fine.
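As an added example (not part of the answer above), the whenChanged dependency can be avoided by reading the replication metadata of pwdLastSet: its LastOriginatingChangeTime is the moment the attribute was last written, which for a value of 0 is the time of the administrative reset. It assumes the ActiveDirectory RSAT module on a domain-joined machine and queries the PDC emulator, to which password changes replicate first.

```powershell
# Added example: find accounts whose password was reset more than 24 hours ago
# and still carries "must change password at next logon", using the
# replication metadata of pwdLastSet instead of whenChanged.
Import-Module ActiveDirectory

# Password writes replicate urgently to the PDC emulator, so query it directly.
$Server   = (Get-ADDomain).PDCEmulator
$Deadline = (Get-Date).AddHours(-24)

# Enabled accounts that still have to change their password at next logon.
$Candidates = Get-ADUser -Server $Server -Filter { (pwdLastSet -eq 0) -and (Enabled -eq $true) }

$ToDisable = foreach ($User in $Candidates) {
    # When pwdLastSet was last written on this object; with pwdLastSet = 0 this
    # is the time the administrator forced the password change.
    $Meta = Get-ADReplicationAttributeMetadata -Object $User -Server $Server -Properties pwdLastSet
    if ($Meta.LastOriginatingChangeTime -lt $Deadline) {
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            ResetAt        = $Meta.LastOriginatingChangeTime
        }
    }
}

# Dry run: -WhatIf only reports what would be disabled. Remove it once the
# list has been reviewed, and keep the output for the audit trail.
foreach ($Entry in $ToDisable) {
    Write-Output ("Disabling {0} (password reset at {1:u})" -f $Entry.SamAccountName, $Entry.ResetAt)
    Disable-ADAccount -Identity $Entry.SamAccountName -Server $Server -WhatIf
}
```

Accounts created with "must change password at next logon" and never logged on are caught as well, since their pwdLastSet was written at creation time.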
