AD User Password Reset Script
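# Reset-UserPassword.ps1
<#
.SYNOPSIS
Resets the password of one or more Active Directory users to a random value and
flags each account to change that password at the next logon.

.DESCRIPTION
For every identity a password of -NewPasswordLength characters is generated from
four character groups (uppercase, lowercase, digits, specials). The look-alike
characters I, O, l, 0 and 1 are not part of the sets. Characters are drawn with a
cryptographic random number generator and then shuffled, so every password
contains all four groups without a predictable position pattern.

.OUTPUTS
One object per identity with the properties Identity, 'Display name',
'New Password' and 'Result'. 'New Password' carries the generated password in
clear text: treat the output as a secret and keep it out of transcripts, log
files and ticket systems.
#>
[CmdletBinding()]
Param (
    # Accepted values:
    # * SamAccountName (joesmith)
    # * ObjectGUID (54b0ebed-2d39-4378-8acb-efca96efcf8f)
    # * DistinguishedName (CN=Joe Smith,CN=Users,DC=dev,DC=int)
    [Parameter(Mandatory, ValueFromPipeline)]
    [string[]]
    $Identity,

    # The fixed length of the new password.
    # * Minimum = 8
    # * Maximum = 256
    # * Default = 14
    [Parameter()]
    [Int]
    $NewPasswordLength = 14
)
Begin {
    # Make sure the password length is within the range of 8 and 256.
    if ($NewPasswordLength -notin (8..256)) {
        "The -NewPasswordLength value is not within the range of 8 and 256." | Out-Default
        exit
    }

    Import-Module activedirectory -Force

    # Define the character sets based on uppercase, lowercase, numeric, and special categories.
    $CharacterSet = [System.Collections.ArrayList]@()
    $null = $CharacterSet.Add(('ABCDEFGHJKLMNPQRSTUVWXYZ').ToCharArray())   # Character group 0
    $null = $CharacterSet.Add(('abcdefghijkmnopqrstuvwxyz').ToCharArray())  # Character group 1
    $null = $CharacterSet.Add(('23456789').ToCharArray())                   # Character group 2
    $null = $CharacterSet.Add(('*$-+?_&=!%{}/').ToCharArray())              # Character group 3

    # Passwords are secrets, so the randomness comes from the platform CSPRNG.
    # Get-Random is not documented as cryptographically secure on every
    # PowerShell version, and this script should not depend on which one runs it.
    $SecureRng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

    # Returns a uniformly distributed integer in the range 0..($UpperBound - 1).
    # Reads $SecureRng from the enclosing script scope.
    function Get-SecureIndex {
        param ([int] $UpperBound)

        $buffer = New-Object byte[] 4
        # Largest multiple of $UpperBound that fits into 32 bits. Draws at or
        # above it are rejected so the modulo below introduces no bias.
        $limit = [uint64]4294967296 - ([uint64]4294967296 % [uint64]$UpperBound)
        do {
            $SecureRng.GetBytes($buffer)
            $value = [uint64][System.BitConverter]::ToUInt32($buffer, 0)
        } while ($value -ge $limit)

        [int]($value % [uint64]$UpperBound)
    }
}
Process {
    foreach ($currentId in $Identity) {
        #Region Generate_Password
        # Draw one character per group in turn (uppercase, lowercase, numeric,
        # special) until the requested length is reached. With the minimum
        # length of 8 every group is represented at least twice.
        $passwordChars = New-Object 'System.Collections.Generic.List[char]'
        $groupIndex = 0
        while ($passwordChars.Count -lt $NewPasswordLength) {
            $group = $CharacterSet[$groupIndex % $CharacterSet.Count]
            $passwordChars.Add($group[(Get-SecureIndex -UpperBound $group.Length)])
            $groupIndex++
        }

        # Fisher-Yates shuffle: without it the character class of every position
        # is known in advance, which shrinks the space an attacker has to search.
        for ($i = $passwordChars.Count - 1; $i -gt 0; $i--) {
            $j = Get-SecureIndex -UpperBound ($i + 1)
            $swap = $passwordChars[$i]
            $passwordChars[$i] = $passwordChars[$j]
            $passwordChars[$j] = $swap
        }
        $newPassword = -join ($passwordChars.ToArray())
        #EndRegion Generate_Password

        #Region Reset_Password
        # Tracks whether the directory already holds the new password, so a later
        # failure does not hide a password that is in fact active.
        $passwordWasReset = $false
        try {
            # Get the user account properties
            $userObject = Get-ADUser -Identity $currentId -Properties DisplayName -ErrorAction Stop

            # Reset the AD user password. -Reset states that this is an
            # administrative reset, so the account's current password is not
            # required. -ErrorAction Stop routes any failure into the catch block
            # instead of letting the script report 'Success.' for a password that
            # was never set.
            $securePassword = $newPassword | ConvertTo-SecureString -AsPlainText -Force
            Set-ADAccountPassword -Identity $userObject.DistinguishedName -Reset -NewPassword $securePassword -ErrorAction Stop
            $passwordWasReset = $true

            # Force the user to change the password on the next log on
            Set-ADUser -Identity $userObject.DistinguishedName -ChangePasswordAtLogon $true -ErrorAction Stop

            # Return the result. 'New Password' is clear text by design, because
            # the operator has to hand it to the user.
            [pscustomobject]@{
                Identity       = $userObject.SamAccountName
                'Display name' = $userObject.DisplayName
                'New Password' = $newPassword
                'Result'       = 'Success.'
            }
        }
        catch {
            if ($passwordWasReset) {
                # The password is already active but the account was not flagged
                # for a change at next logon. Report the password so the account
                # is not left with a credential nobody knows.
                [pscustomobject]@{
                    Identity       = $userObject.SamAccountName
                    'Display name' = $userObject.DisplayName
                    'New Password' = $newPassword
                    'Result'       = "Failed. The password was reset, but the account could not be flagged to change it at next logon. $($_.Exception.Message)"
                }
            }
            else {
                [pscustomobject]@{
                    Identity       = $currentId
                    'Display name' = '-'
                    'New Password' = '-'
                    'Result'       = "Failed. $($_.Exception.Message)"
                }
            }
        }
        #EndRegion Reset_Password
    }
}
End {
    # Release the native handle held by the random number generator.
    if ($SecureRng) {
        $SecureRng.Dispose()
    }
}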