Ensure you are connected to AD before running the script. This loads the AD module required for user management.

Import-Module ActiveDirectory

Define a script to handle password resets securely. This function resets passwords for specified users.

function Reset-UserPassword {
    param (
        [string]$Username,
        # Take a SecureString so the password is never handled as plain text
        [securestring]$NewPassword
    )
    # -Reset sets the new password without requiring the old one
    Set-ADAccountPassword -Identity $Username -NewPassword $NewPassword -Reset
    Write-Host "Password reset successfully for $Username"
}

Create a simple user prompt to accept input. This script prompts users for their username and new password.

$Username = Read-Host "Enter your username"
# -AsSecureString masks the typed input and returns a SecureString
$NewPassword = Read-Host "Enter new password" -AsSecureString
# Pass the SecureString straight through; ConvertFrom-SecureString would yield an encrypted string, not the password
Reset-UserPassword -Username $Username -NewPassword $NewPassword

Run this script as a self-service reset tool. The scheduled task below automates self-service password resets by running the script at startup.

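# Trigger: run at system startup
$trigger = New-ScheduledTaskTrigger -AtStartup
# Action: launch the reset script with PowerShell
$action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-File C:\Scripts\SelfServiceReset.ps1"
# Register the task under the SYSTEM account (it runs outside any user's interactive session)
Register-ScheduledTask -TaskName "SelfServiceReset" -Trigger $trigger -Action $action -User "SYSTEM"

Users can reset passwords without IT intervention using an automated PowerShell script.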
Yes, you can use group-based access control to restrict access to specific users.
Use the script below to get password reset attempt event logs:
Get-EventLog -LogName Security -InstanceId 4724
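
The query above returns raw 4724 records. The following added example (not part of the original page) extracts who performed each reset and which account was targeted, and flags resets made by accounts outside an allow-list. The function names, the CONTOSO domain, the account names and the allow-list are assumptions, and the two events are constructed samples.

```powershell
# Added example (not from the original page). Sample events are constructed.
function New-SampleResetEvent($Subject, $Target) {   # hypothetical test helper
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4724</EventID><TimeCreated SystemTime="2024-01-01T09:00:00Z" /></System>
  <EventData>
    <Data Name="TargetUserName">$Target</Data>
    <Data Name="TargetDomainName">CONTOSO</Data>
    <Data Name="SubjectUserName">$Subject</Data>
    <Data Name="SubjectDomainName">CONTOSO</Data>
  </EventData>
</Event>
"@
}

function ConvertFrom-ResetEventXml {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$EventXml,
        [string[]]$AllowedResetters = @()   # hypothetical allow-list, DOMAIN\name
    )
    process {
        $doc = [xml]$EventXml
        # Skip anything that is not a password-reset attempt
        if ($doc.Event.System['EventID'].InnerText -ne '4724') { return }
        # Index the named <Data> fields of the event
        $data = @{}
        foreach ($d in $doc.Event.EventData.ChildNodes) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }
        $resetter = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
        [pscustomobject]@{
            Time     = $doc.Event.System.TimeCreated.SystemTime
            Resetter = $resetter
            Target   = "$($data.TargetDomainName)\$($data.TargetUserName)"
            Expected = $AllowedResetters -contains $resetter
        }
    }
}

# Live input would come from:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724 } |
#       ForEach-Object { $_.ToXml() }
$samples = @(
    New-SampleResetEvent 'RESETHOST$' 'alice'   # reset made by the expected account
    New-SampleResetEvent 'bob' 'carol'          # reset made by an unlisted account
)
$samples | ConvertFrom-ResetEventXml -AllowedResetters 'CONTOSO\RESETHOST$' |
    Where-Object { -not $_.Expected } |
    Format-Table Time, Resetter, Target
```

With the constructed samples, only the reset of carol by bob is listed, because CONTOSO\bob is not in the allow-list.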