Security is a concern when it comes to Active Directory accounts. At times you find suspicious activity on some accounts in your enterprise, and the best remedy is to reset their passwords as soon as possible.
So here I used PowerShell to make my life easier. This script is made keeping in mind the difficulties of administrators in a multi-domain environment.
```powershell
<#
.SYNOPSIS
    Bulk Password Reset
.DESCRIPTION
    ###################################################################################
    #Script by Shinish
    #Purpose of this script is to Reset the Password for the Bulk users, Unlock the
    #Users and Set to change Password at next Login
    ###################################################################################
    Dependency .\users.txt
#>

# The AD cmdlets used below come from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory -ErrorAction Stop

function Get-RandomCharacters($length, $characters) {
    #This function is for generating random Password
    #($indexes instead of $Pwd, which is PowerShell's automatic current-location variable)
    $indexes = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }
    $private:ofs = ""
    return [String]$characters[$indexes]
}

function Scramble-Password([string]$inputString) {
    #This function is to scramble Password
    $characterArray = $inputString.ToCharArray()
    $scrambledStringArray = $characterArray | Get-Random -Count $characterArray.Length
    $outputString = -join $scrambledStringArray
    return $outputString
}

function Update-Password {
    [CmdletBinding()]
    [OutputType([string])]
    Param
    (
        # Insert SamAccountName
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $SamAccount,

        # Domain help description
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=1)]
        $Domain
    )

    # 5 lower-case + 3 upper-case + 3 digits + 3 symbols, then shuffled
    $Password  = Get-RandomCharacters -length 5 -characters 'abcdefghiklmnoprstuvwxyz'
    $Password += Get-RandomCharacters -length 3 -characters 'ABCDEFGHKLMNOPRSTUVWXYZ'
    $Password += Get-RandomCharacters -length 3 -characters '1234567890'
    $Password += Get-RandomCharacters -length 3 -characters '!%&?@#+'
    $Password = Scramble-Password $Password

    # Return the new password to the caller (it is written to the log)
    Write-Output $Password

    #Reset Password
    Set-ADAccountPassword $SamAccount -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $Password -Force) -Server $Domain -Confirm:$false

    #Unlock Account
    Unlock-ADAccount -Identity $SamAccount -Server $Domain

    #SamAccount is set to change Password at next logon
    Set-ADUser -Identity $SamAccount -ChangePasswordAtLogon $True -Server $Domain -ea Stop
}

$Usrs = Get-Content .\Users.txt -ea SilentlyContinue
$srvs = (Get-ADForest).Domains
$total = $Usrs.Count
$i = 0
$Date = Get-Date -UFormat %d-%m-%Y
$Filename = "Log-" + $Date + ".log"

if ($null -eq $Usrs) {
    Write-Output "Input file not found"
}
else {
    Foreach ($Srv in $srvs) {
        foreach ($usr in $Usrs) {
            $Outo = $usr.ToUpper()
            # Only act on accounts that exist in this domain
            $validater = Get-ADUser -Filter {sAMAccountName -eq $usr} -Server $Srv
            If ($null -ne $validater) {
                Try {
                    # $newPassword instead of $pwd, which is an automatic variable
                    $newPassword = Update-Password -SamAccount $validater.SamAccountName -Domain $Srv -Verbose
                    $i++
                    # The log holds the new passwords in clear text: restrict access to it
                    # and remove it once the passwords have been handed over
                    Out-File -FilePath ".\$Filename" -InputObject "Password Reset $Outo with $newPassword" -Append -Force
                }
                Catch {
                    Out-File -FilePath ".\$Filename" -InputObject "[Error] While resetting the password for $Outo. Please RunAs Administrator and try again" -Append -Force
                }
            }
        }
        # Clamp to 100: the same sAMAccountName can exist in more than one domain,
        # and Write-Progress rejects values above 100
        $counter = [math]::Min(100, [math]::Round(($i / $total) * 100))
        Write-Progress -Activity "Resetting Password in Progress. Please Wait..." -Status "$counter % Complete:" -PercentComplete $counter
    }
    Clear-Host
    Write-Output "Script Completed. Log is available at .\$Filename"
}
```
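An added example, not part of the original script: a generator for the same 5/3/3/3 character-class password that draws every index and the final shuffle from System.Security.Cryptography.RandomNumberGenerator with rejection sampling, so the output does not depend on how Get-Random is seeded in a given PowerShell version. The function names New-ResetPassword and Get-SecureIndex are hypothetical.

```powershell
# Added example: names below are hypothetical, not from the original script.
function Get-SecureIndex {
    param(
        [System.Security.Cryptography.RandomNumberGenerator]$Rng,
        [int]$Max   # exclusive upper bound, 1..256
    )
    # Reject bytes at or above the largest multiple of $Max so that
    # the modulo below does not favour the low indexes (modulo bias).
    $limit = 256 - (256 % $Max)
    $buf = New-Object byte[] 1
    do { $Rng.GetBytes($buf) } while ($buf[0] -ge $limit)
    return $buf[0] % $Max
}

function New-ResetPassword {
    # Same character sets and counts as Update-Password in the script above
    $classes = @(
        @{ Take = 5; Chars = 'abcdefghiklmnoprstuvwxyz' },
        @{ Take = 3; Chars = 'ABCDEFGHKLMNOPRSTUVWXYZ' },
        @{ Take = 3; Chars = '1234567890' },
        @{ Take = 3; Chars = '!%&?@#+' }
    )
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $chars = New-Object System.Collections.Generic.List[char]
        foreach ($class in $classes) {
            for ($n = 0; $n -lt $class.Take; $n++) {
                $idx = Get-SecureIndex -Rng $rng -Max $class.Chars.Length
                $chars.Add($class.Chars[$idx])
            }
        }
        # Fisher-Yates shuffle so the class order is not predictable
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-SecureIndex -Rng $rng -Max ($i + 1)
            $tmp = $chars[$i]
            $chars[$i] = $chars[$j]
            $chars[$j] = $tmp
        }
        return -join $chars
    }
    finally {
        $rng.Dispose()
    }
}

# Constructed usage: produces a 14-character password
New-ResetPassword
```

In Update-Password, the four Get-RandomCharacters calls and the Scramble-Password call can be replaced by `$Password = New-ResetPassword`.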
Below is the sample log file
Thank you.
Shinish Sasidharan (MCSE)
It’s really very nice and useful…