Powershell: Find AD users with Change Password at Next Logon

We can get the list of AD users who should change their password at the next logon using Active Directory powershell cmdlet Get-ADUser. In this article, I am going to write Powershell script to list of AD users who have the setting “Change Password At the Next Logon” enabled and export AD users to CSV file. 

Use the following command to import Active Directory cmdlets.

Import-Module ActiveDirectory

List AD users with change password at the next logon:

Get-ADUser -LDAPFilter "(pwdLastSet=0)" | Select SamAccountName,distinguishedName

Export AD Users with with Change Password at Next Logon to CSV using Powershell

We can export powershell output into CSV file using Export-CSV cmdlet. The following command export selected properties of all the AD users with change password at next the logon to CSV file.

Import-Module ActiveDirectory
Get-ADUser -LDAPFilter "(pwdLastSet=0)" | Select SamAccountName,distinguishedName |
Export-CSV "C:\ChangePasswordAtNextLogon.csv" -NoTypeInformation -Encoding UTF8
Advertisement

5 thoughts on “Powershell: Find AD users with Change Password at Next Logon”

    • You have to set your required OU in SearchBase parameter

      Get-ADUser -LDAPFilter “(pwdLastSet=0)” -SearchBase “OU=TestOU,DC=TestDomain,DC=com” | Select SamAccountName,distinguishedName

      Reply
    • Get-ADUser -LDAPFilter “(pwdLastSet=0)” -SearchBase “OU=TestOU,DC=TestDomain,DC=com” | Where {Enabled -eq $true} | Select SamAccountName,distinguishedName

      Reply

Leave a Comment