AD reset user passwords for a security group

I'm not quite sure if this is possible or not, but I need to force a certain security group's users to have their passwords expire so they'll be forced to change them on next login. The reason for this is because I applied a FGPP (password policy) to this particular group in order to enforce strong passwords. Well, many users have really weak passwords and they won't be changed unless they're forced.

Is there a way to do this without forcing everyone to a single password?


You can do this in Powershell and Set-ADUser. Change the ChangepasswordatLogon flag to True.

Would look something like this:

Get-ADuser -Filter {memberof -RecursiveMatch "DN of Security Group"} | Set-ADuser -ChangePasswordatLogon:$true