I've been searching for over a week high and low now trying to find a way to do this via PS.
We'd like to lockout certain users (we can put them in a group/OU) 30 days after their first successful log in - the one requiring
password change by them.
And we'd like to disable it REGARDLESS of their activity.
All the tips and scripts I've found look for 'inactivity', date created etc.
Only parameters I need are 30 days AFTER the first log in. Accounts might be created 60 days before actual use, but still need to be disabled 30 days after their first successful log in.
Any tips would be GREATLY appreciated!