Home / server / Questions / 444552
Accepted
Patrick Pellegrino
Asked: 2012-11-02 13:16:21 +0800 CST

Powershell - how to set multiple action on get-aduser "dataset"

  • 772

I'm trying to run a script that modify password for multiple AD user accounts, enable the accounts and force a password change at next logon.

I use this code but that's not work :

Get-ADUSER -Filter * -SearchScope Subtree -SearchBase "OU=myou,OU=otherou,DC=mydc,DC=local" | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassord" -Force) | Enable-ADAccount | Set-ADUSER -ChangePasswordAtLogon $true

If I run the Get-ADuser line with ONLY one of the other line that's run fine ex :

Get-ADUSER -Filter * -SearchScope Subtree -SearchBase "OU=myou,OU=otherou,DC=mydc,DC=local" | Enable-ADAccount

Where I'm wrong ? I'm new to PowerShell probably I'm misunderstanding something.

active-directory

2 Answers

  1. Best Answer

    Your pipeline doesn't work the way you expect it does. 

    $UserList=Get-ADUSER -Filter * -SearchScope Subtree -SearchBase "OU=myou,OU=otherou,DC=mydc,DC=local"
foreach ($User in $UserList) {
    Set-ADAccountPassword $User -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassord" -Force
    Enable-ADAccount $User
    Set-ADUSER $user -ChangePasswordAtLogon $true
}

    Pipelines aren't good for multiple actions on the same object. They only work if each command in the pipeline forwards the same object as the initial object. For that, iterating through a loop makes a lot more sense.

    • 4

  2. Get-ADUSER -Filter * -SearchScope Subtree -SearchBase "OU=myou,OU=otherou,DC=mydc,DC=local" | %{ Set-ADAccountPassword $.Name -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewPassord" -Force) Enable-ADAccount $.Name Set-ADUSER $_.Name-ChangePasswordAtLogon $true }

    • 0