AD reset user passwords for a security group

active-directory powershell windows-server-2008-r2

I'm not quite sure if this is possible or not, but I need to force a certain security group's users to have their passwords expire so they'll be forced to change them on next login. The reason for this is because I applied a FGPP (password policy) to this particular group in order to enforce strong passwords. Well, many users have really weak passwords and they won't be changed unless they're forced.

Is there a way to do this without forcing everyone to a single password?


You can do this in Powershell and Set-ADUser. Change the ChangepasswordatLogon flag to True.

Would look something like this:

Get-ADuser -Filter {memberof -RecursiveMatch "DN of Security Group"} | Set-ADuser -ChangePasswordatLogon:$true

Related

Using SAN Replication/Snapshots for SQL Server disaster recovery?
IIS only serve requests with hostnames
Are there any features in Linux that are essential for hosting Ruby on Rails?
FreeBSD how to rebuild all p5-* Perl 5 ports
Is there a way to find out what printers a user has mapped remotely?
http in the Location-header when the original request was made over https
Migrate KVM .img to VirtualBox .vdi
How to restart automatically the server after the backup is done
How to pass input from one script into another using bash
dig & nslookup can't resolve local hosts unless I specify the (local) DNS server to use
ESXi hosted on public IP without firewall
Find all snapshots created by ami where ami is deleted