Set-UserPasswordSettings cmdlet sets password settings of AD user.

This cmdlet supports risk-mitigation parameters.

Input parameters

#
Parameter
Type

Mandatory (R/O)

Description
Restrictions/Valid Values
1 Authentication Information (all parameters)  
2 CannotChangePassword SwitchParameter O Parameter, which defines whether the user can change password or not
  • True - the user cannot change password.
  • False - the user can change password.

For setting parameter in true you need to specify it when invoking, in other case it is set to false.

3

Identity

(aliases: GUID, DistinguishedName)

string O* A property, that is used for managing the user

Value of one of these parameters  can be used as Identity:

#ParameterDescription
1 GUID Globally Unique Identifier (ObjectGuid)
2 DistinguishedName Unique name of the object in Active Directory
4 MustChangePasswordOnNextLogin SwitchParameter O Parameter, which defines whether the user must change password on next login or not
  • True - the user must change password on next login.
  • False - the user must not change password on next login.

For setting parameter in true you need to specify it when invoking, in other case it is set to false.

5 OriginatingServer string O

Address of the server (domain name), where the object physically exists.

Note: It is recommended to use this parameter as input to guarantee execution of operation with actual data. To get this parameter use Get-User cmdlet.

Max length is 255 symbols
6 UserPrincipalName string O*

Primary Email address (Login)

Max length is 1024 symbols

Note: O* - the request must contain at least one of these parameters (Identity, UserPrincipalName) or both of them. If both parameters are specified, Identity is a priority parameter.

Output parameters 

No parameters

Example of using Set-UserPasswordSettings cmdlet 

Set-UserPasswordSettings -Identity '3e10770c-22ec-4676-90d8-f4cd28a27911' -CannotChangePassword 0 -MustChangePasswordOnNextLogin 0