In a previous article I demonstrated how to use the Microsoft Active Directory module in PowerShell to reset a user account password. Because this is a task you might delegate, it might be nicer to provide a script or tool to simplify the process. There are a number of ways you might go, and I’ll walk you through a couple.
By Jeffery Hicks

Requirements

First off, we’re going to assume that the person running your tool has the necessary credentials to change the user’s password, that they have the Active Directory RSAT module installed on their computer, that their execution policy is set to allow running your script and that they know how to execute a PowerShell script.

I’m also going to assume we’re building a tool to handle a single user at a time based on my code examples from my earlier column.

Console based script

Here is a very simple script that someone can run.

#requires -version 3.0

Param(
    [Parameter(Position=0,Mandatory=$True,
    HelpMessage="What is the user's SAMAccountname?")]
    [string]$Username
)

#prompt for the new password
$NewPassword=$(Read-Host "Enter the user's temporary password" -AsSecureString)

#define a hash table of parameter values to splat to 
#Set-ADAccountPassword
$paramHash = @{
    Identity = $Username
    NewPassword = $NewPassword
    Reset = $True
    Passthru = $True
    ErrorAction = "Stop"
}

Try {
    Set-ADAccountPassword @paramHash |
    Set-ADUser -ChangePasswordAtLogon $True -PassThru
}
Catch {
    Write-Warning "Failed to reset password for $Username"
    #show what went wrong
    Write-Warning $_.Exception.Message
}

The only parameter is the user’s SAMAccountname. If they don’t specify it, they will be prompted, because I made the parameter mandatory. The user will then be prompted for the password, which will be treated as a secure string.

I’m splatting parameters to Set-ADAccountPassword only because I think it makes the script easier to read. I’ve also included some error handling so that if the change fails, PowerShell will display a warning that includes the error message. The screenshot shows the script in action.

Reset-UserPassword.ps1

If the change is successful, the script writes the user account to the pipeline. Those of you with some PowerShell scripting experience can take this as a starting point and go much further with it.

Get graphic

Or perhaps the person running your script is more comfortable with a more graphical experience. Without resorting to a full-blown Winforms script, here is a simpler approach using some VBScript-style elements.

#requires -version 3.0

Param()

$prompt = "Enter the user's SAMAccountname"
$Title = "Reset Password"
$Default = $null

Add-Type -AssemblyName "microsoft.visualbasic" -ErrorAction Stop
#use a VBScript style input box to prompt for the user name
$username = [microsoft.visualbasic.interaction]::InputBox($Prompt,$Title,$Default)

if ($username) {
    #prompt for the new password
    $prompt = "Enter the user's new password"
    $Plaintext = [microsoft.visualbasic.interaction]::InputBox($Prompt,$Title,$Default)

    #InputBox returns an empty string on Cancel, so there is nothing to set
    if (-not $Plaintext) { return }

    #convert to secure string
    $NewPassword = ConvertTo-SecureString -String $Plaintext -AsPlainText -Force

    #define a hash table of parameter values to splat to 
    #Set-ADAccountPassword
    $paramHash = @{
        Identity = $Username
        NewPassword = $NewPassword
        Reset = $True
        Passthru = $True
        ErrorAction = "Stop"
    }

    Try {
        $output = Set-ADAccountPassword @paramHash |
        Set-ADUser -ChangePasswordAtLogon $True -PassThru |
        Get-ADuser -Properties PasswordLastSet,PasswordExpired,WhenChanged | Out-String

        #display user in a message box
        $message = $output
        $button = "OKOnly"
        $icon = "Information"
        [microsoft.visualbasic.interaction]::Msgbox($message,"$button,$icon",$title) | Out-Null
    }
    Catch {
        #display error in a message box
        $message =  "Failed to reset password for $Username. $($_.Exception.Message)"
        $button = "OKOnly"
        $icon = "Exclamation"
        [microsoft.visualbasic.interaction]::Msgbox($message,"$button,$icon",$title) | Out-Null
    }
} #if user specified

This version doesn’t take any parameters. When the user starts the script they will be prompted for the user name using an InputBox.

Reset Password - Enter SAMAccountname

And then for a password.

Reset Password - Enter new password

There is no way to mask the password here using this control. It can be done using a Windows form, which is more complicated than I want to get into. After the change is made, this version of the script gets the user account, including a few properties and displays the results in another message box.

Reset Password - Results

Any errors are also displayed with a message box.

Reset Password - Errors
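
The masked prompt on a Windows form mentioned above can be kept fairly small. The following is an added example, not part of the original article; the function name Read-MaskedPassword is hypothetical, and masking only hides the typing from onlookers, since the text still exists as a plain string until it is converted.

```powershell
# Added example, not from the original article: a masked password prompt.
# Read-MaskedPassword is a hypothetical name; it returns a SecureString or nothing.
Add-Type -AssemblyName System.Windows.Forms,System.Drawing -ErrorAction Stop
Function Read-MaskedPassword {
    Param(
        [string]$Prompt = "Enter the user's new password",
        [string]$Title = "Reset Password"
    )
    $form = New-Object System.Windows.Forms.Form
    $form.Text = $Title
    $form.ClientSize = New-Object System.Drawing.Size(320,110)
    $form.FormBorderStyle = "FixedDialog"
    $form.StartPosition = "CenterScreen"

    $label = New-Object System.Windows.Forms.Label
    $label.Text = $Prompt
    $label.Location = New-Object System.Drawing.Point(10,10)
    $label.AutoSize = $True

    $box = New-Object System.Windows.Forms.TextBox
    $box.Location = New-Object System.Drawing.Point(10,35)
    $box.Width = 300
    $box.UseSystemPasswordChar = $True   #mask what is typed

    $ok = New-Object System.Windows.Forms.Button
    $ok.Text = "OK"
    $ok.Location = New-Object System.Drawing.Point(154,70)
    $ok.DialogResult = [System.Windows.Forms.DialogResult]::OK

    $cancel = New-Object System.Windows.Forms.Button
    $cancel.Text = "Cancel"
    $cancel.Location = New-Object System.Drawing.Point(235,70)
    $cancel.DialogResult = [System.Windows.Forms.DialogResult]::Cancel

    $form.AcceptButton = $ok
    $form.CancelButton = $cancel
    $form.Controls.AddRange(@($label,$box,$ok,$cancel))

    Try {
        #return a secure string only if OK was clicked and something was typed
        if ($form.ShowDialog() -eq [System.Windows.Forms.DialogResult]::OK -and $box.Text) {
            ConvertTo-SecureString -String $box.Text -AsPlainText -Force
        }
    }
    Finally {
        $box.Clear()
        $form.Dispose()
    }
}
```

In the graphical script, `$NewPassword = Read-MaskedPassword` would take the place of the second InputBox call and the ConvertTo-SecureString line; an empty result means the operator cancelled.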

Summary

As you can see from the error, my script is searching the entire domain. It also requires the person running the script to know the user’s SAMAccountname. But perhaps you need to limit the scope of your tool or make it even easier to use. I’ll show you that next time.

3 Comments
  1. Mike 8 years ago

    Great post and a lot of good information that I’ve used to create a tool in our environment. My next question is, is there any way in PowerShell to create a Password expiry notification tool that would be used to notify users that their password expires in X number of days? I’d love to have one that would do 7 day, 2 day, 1 day notifications. I’ve done some research and testing but it’s not an easy one that’s for sure 🙂

  2. Mike, have a look at this.

  3. Jason 4 years ago

    Looking for a script similar to this one but you don’t set the password, you simply force a reset. So user gets prompted for the input of the SAMAccountName and the end user is notified they have to change their password when they login the next time.


© 4sysops 2006 - 2022
