password-change.ps1

function Get-User($user)
{
	# this function should be passed the CN of the user to be returned
	$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() 
	$root = [ADSI] "LDAP://$($dom.Name)"
	$searcher = New-Object System.DirectoryServices.DirectorySearcher $root
	$searcher.filter = "(&(objectCategory=person)(objectClass=user)(cn=$user))"
	$user = $searcher.FindOne()
	[System.Collections.Arraylist]$names = $user.Properties.PropertyNames
	[System.Collections.Arraylist]$props = $user.Properties.Values
	$userobj = New-Object System.Object
	for ($i = 0; $i -lt $names.Count)
		{
			$userobj | Add-Member -type NoteProperty -Name $($names[$i]) -Value $($props[$i])
			$i++
		}
	$userobj.pwdlastset = [System.DateTime]::FromFileTime($userobj.pwdlastset)
	$userobj.lastlogontimestamp = [System.DateTime]::FromFileTime($userobj.lastlogontimestamp)
	return $userobj
}

Function Change-AdUserPwd 
{ 
Param( [string]$user, [system.Security.SecureString]$oldPwd , [system.Security.SecureString]$newPwd ) #end param 
$oUser = [adsi]"LDAP://$user" 
$ouser.psbase.invoke("ChangePassword",[Runtime.InteropServices.marshal]::PtrToStringAuto([Runtime.InteropServices.marshal]::SecureStringToBSTR($oldPwd)) ,[Runtime.InteropServices.marshal]::PtrToStringAuto([Runtime.InteropServices.marshal]::SecureStringToBSTR($newPwd))) 
$ouser.psbase.CommitChanges() 
} # end function Set-AdUserPwd 

$usernames = Read-Host 'Write all usernames to change seperated by ";"'

$oPass = Read-Host 'What is your old password?' -AsSecureString
$nPass = Read-Host 'What is your new password?' -AsSecureString

Foreach ($item in $usernames.split(";")){
    write-host "Changing user: $item"
    $myusr = Get-User($item)
    $dn = $myusr.distinguishedname
    write-host "$tab distinguishedname: $item"
    Change-AdUserPwd -user $dn -oldpwd $oPass -newpwd $nPass
}