Active Directory: Reset Password expiration with Powershell

Once upon a time there was a domain whose passwords never expired. Users were happy then.
Then a security administrator came and set a password expiration policy, so all passwords expired at the same time.
To avoid that kind of chaos, we can reset the password expiration to the current date so that passwords do not expire immediately when the policy is applied.
You won't stop users from becoming sad, but at least they won't become angry...

The PwdLastSet attribute stores the date the password was last changed, and it is what the system uses to decide when to warn us that the password is about to expire.

Unfortunately we can't write an arbitrary date into that attribute. It is a protected attribute: administrators may only set it to 0, which forces a password reset, or to -1, which sets the current date as the last password change.
In addition, the -1 value is only accepted when the current value is 0, so the reset has to be done in two steps.

To reset the password expiration for a list of users:

$Dom = 'LDAP://DC=Domain,DC=local'

# One sAMAccountName per line
$users = Get-Content users.txt
foreach ($user in $users)
{
    $objDomain = New-Object System.DirectoryServices.DirectoryEntry $Dom
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.SearchRoot = $objDomain
    $objSearcher.Filter = "(&(objectCategory=person)(objectClass=user)(samAccountName=$user))"

    $Result1 = $objSearcher.FindOne()
    if ($null -ne $Result1)
    {
        $objuser = $Result1.GetDirectoryEntry()
        Write-Host $objuser.samaccountname -ForegroundColor Green
        # Step 1: 0 forces a password reset
        $objuser.Put("PwdLastSet", 0)
        $objuser.SetInfo()
        # Step 2: -1 stamps the current date as the last password change
        # (only accepted because the stored value is now 0)
        $objuser.Put("PwdLastSet", -1)
        $objuser.SetInfo()
    }
    else
    {
        Write-Host "The user $user does not exist"
    }
} #end foreach
If you plan ahead, you can split the users into several lists and reset their PwdLastSet on different days, so their next password changes are spread out in time instead of all landing on the same date.
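As an added example that is not part of the original post, here is the same two-step reset written against the ActiveDirectory module (RSAT) with two checks the ADSI version above lacks: it skips accounts that are already flagged "must change password at next logon" (PwdLastSet = 0, which writing -1 would silently clear) and reads the attribute back afterwards to confirm the new timestamp. The -ReportOnly switch and the one-name-per-line users.txt format are my assumptions.

```powershell
# Added example (not the original post's code): two-step PwdLastSet reset with
# the ActiveDirectory module. Assumes RSAT is installed and the caller has
# write access to the attribute. -ReportOnly is a hypothetical switch name.
param(
    [Parameter(Mandatory)] [string] $UserList,   # one sAMAccountName per line
    [switch] $ReportOnly                          # show current values, change nothing
)
Import-Module ActiveDirectory

foreach ($sam in (Get-Content $UserList | Where-Object { $_.Trim() })) {
    $u = Get-ADUser -Identity $sam -Properties pwdLastSet -ErrorAction SilentlyContinue
    if (-not $u) {
        Write-Warning "The user $sam does not exist"
        continue
    }
    if ($u.pwdLastSet -eq 0) {
        # Already 'must change at next logon': writing -1 would cancel that, so skip.
        Write-Warning "$sam already has pwdLastSet = 0 (change required at logon), skipping"
        continue
    }
    $before = [DateTime]::FromFileTimeUtc($u.pwdLastSet)
    if ($ReportOnly) {
        Write-Host "$sam : last change $before (would be reset to now)"
        continue
    }

    # Step 1: 0 forces a reset. Step 2: -1 stamps the current time.
    # -1 is only accepted when the stored value is 0, hence two separate writes.
    Set-ADUser -Identity $u.DistinguishedName -Replace @{ pwdLastSet = 0 }
    Set-ADUser -Identity $u.DistinguishedName -Replace @{ pwdLastSet = -1 }

    # Read the attribute back rather than trusting that both writes took effect.
    $after = (Get-ADUser -Identity $u.DistinguishedName -Properties pwdLastSet).pwdLastSet
    if ($after -gt 0) {
        $afterDate = [DateTime]::FromFileTimeUtc($after)
        Write-Host "$sam : $before -> $afterDate" -ForegroundColor Green
    } else {
        Write-Warning "$sam : pwdLastSet is still $after, check the account"
    }
}
```

Run it once with -ReportOnly to review which accounts would be touched before making any change.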
