Created
December 29, 2016 10:55
-
-
Save denvers/a5b6e90a86056fb33274940206fcceee to your computer and use it in GitHub Desktop.
Force a password reset for G Suite (former Google Apps) users in a group. Also skip (some) user(s) if you want to.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* Periodic reset all user password in a Google Apps (G Suite) group. | |
* Optional: skip users based on emailaddress | |
* | |
* -- You need Google Apps (G Suite) admin rights to run this script. -- | |
* -- Use Google Apps script triggers to force resets periodically. -- | |
* | |
* @author: Denver Sessink <https://twitter.com/webvakker> | |
*/ | |
function periodicPasswordReset() { | |
try { | |
var SKIP_USERS = ['boss@example.com']; | |
var GROUP_EMAIL = "group@example.com"; | |
// Get group by GROUP_EMAIL and fetch all users of this group | |
var group = GroupsApp.getGroupByEmail(GROUP_EMAIL); | |
var users = group.getUsers(); | |
for (var i = 0; i < users.length; i++) { | |
var user = users[i]; | |
var userEmail = user.getEmail(); | |
if ( SKIP_USERS.indexOf(userEmail) > -1 ) { | |
// Skip this user | |
Logger.log("Skipping: " + userEmail); | |
continue; | |
} | |
Logger.log("Forcing password reset for: " + userEmail); | |
// Change password at next login -> true and save! | |
var userObject = AdminDirectory.Users.get(userEmail); | |
userObject.changePasswordAtNextLogin = true; | |
AdminDirectory.Users.update(userObject, userEmail); | |
} | |
GmailApp.sendEmail( | |
Session.getEffectiveUser().getEmail(), | |
'Log for User Pass Change Script: Successful', | |
Logger.getLog() | |
); | |
} catch(e) { | |
Logger.log('--------------------------------------------------------'); | |
Logger.log('Error occured: '+e.message); | |
// Send an email to yourself with logs | |
GmailApp.sendEmail(Session.getEffectiveUser().getEmail(), 'Log for User Pass Change Script : Error occured', Logger.getLog()); | |
} | |
} |
@halburgiss, you need to activate Google Directory Services
Resources -> Advanced
This is a quickly thrown variation that would force-reset password for all users in the domain.
function forcePasswordResetForAllUSers() {
try {
var SKIP_USERS = ['some.user@example.com',
'john.doe@example.com',
];
var options = {
domain: 'yourdomain.com',
maxResults: 500, // TO-DO: implement pagination
orderBy: "email"
}
var response = AdminDirectory.Users.list(options);
response.users.forEach(function(user) {
var userEmail = user.primaryEmail;
if ( SKIP_USERS.indexOf(userEmail) > -1 ) {
// Skip this user
Logger.log("Skipping: " + userEmail);
return;
}
Logger.log("Forcing password reset for: " + userEmail);
// UNCOMMENT THE FOLLOWING THREE CODE LINES IF YOU WANT TO ***REALLY*** FORCE-RESET ALL PASSWORDS.
// Note: running the script with the following lines still commented is akin to a DRY-RUN (you will still get an email as if the script was run for real, but nothing would have been changed)
// Change password at next login -> true and save!
// var userObject = AdminDirectory.Users.get(userEmail);
// userObject.changePasswordAtNextLogin = true;
// AdminDirectory.Users.update(userObject, userEmail);
});
GmailApp.sendEmail(
Session.getEffectiveUser().getEmail(),
'Log for User Pass Change Script: Successful',
Logger.getLog()
);
} catch(e) {
Logger.log('--------------------------------------------------------');
Logger.log('Error occured: '+e.message);
// Send an email to yourself with logs
GmailApp.sendEmail(Session.getEffectiveUser().getEmail(), 'Log for User Pass Change Script : Error occured', Logger.getLog());
}
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Wed Feb 07 14:33:52 EST 2018 INFO: Error occured: "AdminDirectory" is not defined.