Pretty much as it says, if we reset an account, tick the box for the user to change password on Logon and they have not done that in 24 hrs, can we then disable the account again. Sure, but there is no ChangePasswordOnLogon property in AD Get-ADUser command, but in the Set-ADUser there is?
Continue reading…