
Reset Password for Bulk Active Directory Accounts – Multi Domain Environments

Shinish, 6 years ago

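Security is a concern when it comes to Active Directory accounts. At times you find suspicious activity on some accounts in your enterprise, and the best remedy is to reset their passwords as soon as possible.

So here I used PowerShell to make my life easier. This script was written with the difficulties of administrators in multi-domain environments in mind. It reads account names from .\Users.txt, looks each one up in every domain of the forest, resets the password to a random 14-character value, unlocks the account, requires a password change at next logon, and writes the result to a dated log file.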

<#
.SYNOPSIS
   Bulk Password Reset
.DESCRIPTION

###################################################################################
#Script by Shinish
#Purpose of this script is to Reset the Password for the Bulk users, Unlock the 
#Users and Set to change Password at next Login
###################################################################################
Dependency .\users.txt
#>
function Get-RandomCharacters($length, $characters) {
    #This function is for generating random Password
    $indexes = 1..$length | ForEach-Object { Get-Random -Maximum $characters.length }
    $private:ofs=""
    return [String]$characters[$indexes]
}
function Scramble-Password([string]$inputString){   
    #This function is to scramble Password  
    $characterArray = $inputString.ToCharArray()   
    $scrambledStringArray = $characterArray | Get-Random -Count $characterArray.Length     
    $outputString = -join $scrambledStringArray
    return $outputString 
}
function Update-Password
{
    [CmdletBinding()]
    [Alias()]
    [OutputType([string])]
    Param
    (
        # Insert SamAccountName
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $SamAccount,
        # Domain in which the account lives
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=1)]
        $Domain
    )
        $password = Get-RandomCharacters -length 5 -characters 'abcdefghiklmnoprstuvwxyz'
        $Password += Get-RandomCharacters -length 3 -characters 'ABCDEFGHKLMNOPRSTUVWXYZ'
        $Password += Get-RandomCharacters -length 3 -characters '1234567890'
        $Password += Get-RandomCharacters -length 3 -characters '!%&?@#+'
        $Password = Scramble-Password $Password
        Write-Output $password      
        #Reset Password (-ErrorAction Stop so a failure reaches the caller's Catch block)
        Set-ADAccountPassword $SamAccount -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $Password -Force) -Server $Domain -Confirm:$false -ErrorAction Stop
        #Unlock Account
        Unlock-ADAccount -Identity $SamAccount -Server $Domain -ErrorAction Stop
        #SamAccount is set to change Password at next logon
        Set-ADUser -Identity $SamAccount -ChangePasswordAtLogon $True -Server $Domain -ErrorAction Stop
}
$Usrs = get-content .\Users.txt -ea SilentlyContinue
$srvs = (Get-ADForest).domains
$total = $Usrs.Count
$i=0
$Date = get-date -UFormat %d-%m-%Y
$Filename = "Log-"+$Date+".log"
if($null -eq $Usrs)
{

    Write-Output "Input file not found"
}
else{
    Foreach ($Srv in $srvs){
        foreach ($usr in $Usrs){
            $Outo =$usr.ToUpper()
            $validater = get-aduser  -Filter {sAMAccountName -eq $usr} -Server $Srv
             If ($null -ne $validater){
             Try{
                $newPassword = Update-Password -SamAccount $validater.SamAccountName -Domain $Srv -Verbose
                $i++
                #The log records the new password in clear text, so restrict access to the file
                Out-file -FilePath ".\$Filename" -InputObject "Password Reset  $Outo with $newPassword" -Append -Force
                }
             Catch{
                Out-file -FilePath ".\$Filename" -InputObject "[Error] While resetting the password for $Outo. Please RunAs Administrator and try again" -Append -Force
                }               
             }               
        }
      $counter= (($i/$total) * 100)
      $counter  = [math]::Round($counter)
      Write-Progress -Activity "Resetting Password in Progress. Please Wait..." -Status "$counter % Complete:" -PercentComplete (($i/$total) * 100)
    }
    Clear-host
    Write-Output "Script Completed. Log is available at .\$Filename"
}

Below is the sample log file

Thank you.

Shinish Sasidharan (MCSE)
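
An added example, not part of the original script: a drop-in password generator that keeps the script's 5/3/3/3 character-class mix but draws every character, and the final shuffle, from the .NET cryptographic random number generator, so password strength does not depend on which generator Get-Random uses. The function names Get-SecureIndex and New-ResetPassword are hypothetical.

```powershell
# Added example, not part of the original script. Get-SecureIndex and
# New-ResetPassword are hypothetical names.
$script:Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-SecureIndex([int]$Max) {
    # Uniform integer in [0, $Max) from the OS CSPRNG.
    # Rejection sampling discards values that would cause modulo bias.
    $span  = [long][uint32]::MaxValue + 1      # 2^32 possible 4-byte values
    $limit = $span - ($span % $Max)            # largest multiple of $Max
    $buf   = New-Object byte[] 4
    do {
        $script:Rng.GetBytes($buf)
        $n = [long][System.BitConverter]::ToUInt32($buf, 0)
    } while ($n -ge $limit)
    return [int]($n % $Max)
}

function New-ResetPassword {
    # Same composition as Update-Password: 5 lower, 3 upper, 3 digits, 3 symbols.
    $classes = @(
        @{ Take = 5; Alphabet = 'abcdefghiklmnoprstuvwxyz' },
        @{ Take = 3; Alphabet = 'ABCDEFGHKLMNOPRSTUVWXYZ' },
        @{ Take = 3; Alphabet = '1234567890' },
        @{ Take = 3; Alphabet = '!%&?@#+' }
    )
    [char[]]$chars = foreach ($c in $classes) {
        for ($k = 0; $k -lt $c.Take; $k++) {
            $c.Alphabet[(Get-SecureIndex $c.Alphabet.Length)]
        }
    }
    # Fisher-Yates shuffle driven by the same CSPRNG, replacing Scramble-Password,
    # so the position of each character class is not predictable.
    for ($i = $chars.Length - 1; $i -gt 0; $i--) {
        $j = Get-SecureIndex ($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    return -join $chars
}

# Usage inside Update-Password, in place of the Get-RandomCharacters lines:
#   $Password = New-ResetPassword
```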
