
Secure & Automated Password Reset with PowerShell Command

The PowerShell script given below can be used to automatically reset passwords at regular intervals. It reads a CSV file with ComputerName and LocalAccountLoginID columns, sets a random 20-character password on each listed local account, and writes the results, including the new passwords, to a report file. ADSelfService Plus also offers an option to automatically reset domain users' passwords when they expire. When this option is enabled, a scheduler runs at regular intervals to search for user accounts with expired passwords and automatically resets them. The new password is then mailed to the user. Here is a comparison between automatic password reset using PowerShell and ADSelfService Plus:

PowerShell

Param (
    [Parameter(Mandatory=$True)]
    [String]$InputFile
)
Function MakeRandomPass {
    Param (
        [Int]$PLength
    )
    If ($PLength -LT 4) {Return $Null}
    $Numbers = $Null
    For ($A=48;$A -LE 57;$A++) {$Numbers+=,[Char][Byte]$A}
    $UpCase = $Null
    For ($A=65;$A -LE 90;$A++) {$UpCase+=,[Char][Byte]$A}
    $LowCase = $Null
    For ($A=97;$A -LE 122;$A++) {$LowCase+=,[Char][Byte]$A}
    $SpChar = $Null
    For ($A=33;$A -LE 47;$A++) {$SpChar+=,[Char][Byte]$A}
    For ($A=58;$A -LE 64;$A++) {$SpChar+=,[Char][Byte]$A}
    For ($A=123;$A -LE 126;$A++) {$SpChar+=,[Char][Byte]$A}
    
    $Buffer = @()
    For ($A=1;$A -LE $PLength;$A++) {$Buffer+=0}
    While ($True) {
        $NumChar = (Get-Random -Minimum 0 -Maximum $PLength)
        If ($Buffer[$NumChar] -EQ 0) {$Buffer[$NumChar] = 1; break}
    }
    While ($True) {
        $NumChar = (Get-Random -Minimum 0 -Maximum $PLength)
        If ($Buffer[$NumChar] -EQ 0) {$Buffer[$NumChar] = 2; break}
    }
    While ($True) {
        $NumChar = (Get-Random -Minimum 0 -Maximum $PLength)
        If ($Buffer[$NumChar] -EQ 0) {$Buffer[$NumChar] = 3; break}
    }
    While ($True) {
        $NumChar = (Get-Random -Minimum 0 -Maximum $PLength)
        If ($Buffer[$NumChar] -EQ 0) {$Buffer[$NumChar] = 4; break}
    }
    $ThisPassword = $Null
    ForEach ($CharType In $Buffer) {
        If ($CharType -EQ 0) {
            $CharType = ((1,2,3,4) | Get-Random)
        }
        Switch ($CharType) {
            1 {$ThisPassword+=($Numbers | Get-Random)}
            2 {$ThisPassword+=($UpCase | Get-Random)}
            3 {$ThisPassword+=($LowCase | Get-Random)}
            4 {$ThisPassword+=($SpChar | Get-Random)}
        }
    }
    Return $ThisPassword
}

$ErrorActionPreference = "SilentlyContinue"
$T = Get-Date
If ($Error) {$Error.Clear()}
Write-Host "`n"
Write-Host "Working. Please wait"
Write-Host "`n"
$RepFile = $T -Replace " ", $Null
$RepFile = $RepFile -Replace ":", $Null
$RepFile = $RepFile -Replace "/", $Null
$RepFile = $RepFile -Replace "-", $Null
If (Test-Path "Report_$RepFile.txt") {
    Remove-Item "Report_$RepFile.txt"
}
New-Item -Path "Report_$RepFile.txt" -Type File -Force -Value "REPORT: Reset Local User Account Password On Multiple Computers" | Out-Null
Add-Content "Report_$RepFile.txt" "`n"
Add-Content "Report_$RepFile.txt" "`n"
Add-Content "Report_$RepFile.txt" "Report Created On $T"
Add-Content "Report_$RepFile.txt" "`n"
Add-Content "Report_$RepFile.txt" "`n"

Import-CSV -Path $InputFile | ForEach-Object {
    Try {
        $ThisMachine = $_.ComputerName
        $ThisAccount = $_.LocalAccountLoginID
        If (!([string]::IsNullOrEmpty($ThisMachine)) -AND !([string]::IsNullOrEmpty($ThisAccount))) {
            Write-Host "`tAttempting to reset the local account password in computer: $ThisMachine" -ForeGroundColor "Yellow"
            $PassToSet = MakeRandomPass 20
            $ThisUser = [ADSI]"WinNT://$ThisMachine/$ThisAccount, User"
            $ThisUser.SetPassword($PassToSet)
            $ThisUser.SetInfo()
            If (!$Error) {
                # The new password is written to the report file in plain text
                Add-Content "Report_$RepFile.txt" "$ThisMachine `t`t -- $ThisAccount `t`t -- $PassToSet `t`t --success: Password Has Been Reset/Changed."
            }
        }       
    }
    Catch {
        [System.Exception] | Out-Null
        If ($Error) {
            Add-Content "Report_$RepFile.txt" "$ThisMachine `t`t -- $ThisAccount `t`t -- Password Reset has failed. An Error Has Occurred."
            Add-Content "Report_$RepFile.txt" $Error
            $Error.Clear()
        }
    }
}
Write-Host "`n"
Write-Host "Task Completed. Check Report File: Report_$RepFile.txt"
Notepad "Report_$RepFile.txt"
Write-Host "`n"
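
MakeRandomPass draws every character with Get-Random, which Microsoft's documentation notes does not ensure cryptographically secure randomness. The following is an added example, not part of the original script: a replacement generator that keeps the same four character classes but draws from System.Security.Cryptography.RandomNumberGenerator. The function name New-CsprngPassword is hypothetical.

```powershell
# Added example; New-CsprngPassword is a hypothetical name, not part of the original script.
Function New-CsprngPassword {
    Param ([Int]$PLength = 20)
    If ($PLength -LT 4) { Return $Null }

    # Same four character classes as MakeRandomPass: digits, upper, lower, punctuation.
    $Classes = @(
        [Char[]](48..57),
        [Char[]](65..90),
        [Char[]](97..122),
        [Char[]]((33..47) + (58..64) + (123..126))
    )
    $All = [Char[]]($Classes | ForEach-Object { $_ })

    $Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    Try {
        # Uniform integer in [0, $Max): reject raw values past the largest
        # multiple of $Max so the modulo step introduces no bias.
        $Next = {
            Param ([Int]$Max)
            $Bytes = New-Object Byte[] 4
            $Limit = [Int64]4294967296 - ([Int64]4294967296 % $Max)
            Do {
                $Rng.GetBytes($Bytes)
                $Value = [Int64][BitConverter]::ToUInt32($Bytes, 0)
            } While ($Value -GE $Limit)
            Return [Int]($Value % $Max)
        }

        # The first four positions take one character from each class, which
        # guarantees complexity; the remaining positions draw from the full set.
        $Chars = New-Object Char[] $PLength
        For ($I = 0; $I -LT $PLength; $I++) {
            $Set = $All
            If ($I -LT $Classes.Count) { $Set = $Classes[$I] }
            $Chars[$I] = $Set[(& $Next $Set.Length)]
        }

        # Fisher-Yates shuffle so the guaranteed characters do not sit at fixed positions.
        For ($I = $PLength - 1; $I -GT 0; $I--) {
            $J = & $Next ($I + 1)
            $Tmp = $Chars[$I]; $Chars[$I] = $Chars[$J]; $Chars[$J] = $Tmp
        }
        Return (-Join $Chars)
    }
    Finally { $Rng.Dispose() }
}
```

To use it in the script above, replace the call `MakeRandomPass 20` with `New-CsprngPassword 20`.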

ADSelfService Plus

In ADSelfService Plus:
  • Go to Configuration > Policy Configuration.
  • Create a new policy.
  • Once the information required to create the policy is provided, click on Advanced, navigate to the Automation tab and select the Automatically resets domain user’s passwords when they expire checkbox.
  • Specify the Frequency at which the scheduler should be run.
  • Select the Upon automatic password reset, force users to change password at next logon checkbox if required.
  • The Reset password to field can be set to Custom text or Password Policy (a random password generated based on the custom password policy).
  • Move to Notification > Reset Password and enter the necessary details to notify users about their reset passwords.
  • Click OK and in the Policy Configuration section, click Save.
Advantages of ADSelfService Plus
  • Quick configuration:

    With ADSelfService Plus, automatic password reset can be enabled with a few clicks and minimal information. In PowerShell, this requires creating, debugging, and running scripts.

  • Choose which users' passwords can be automatically reset:

    When creating an ADSelfService policy, administrators can select the domain, OUs, and groups whose users can have their passwords automatically reset upon expiration. Using PowerShell to automate password resets for specific users will require creating an extensive script.

  • Prevent the creation of weak passwords:

    ADSelfService Plus' Password Policy Enforcer allows administrators to create and enforce custom password policies that inhibit the creation of weak passwords. The passwords generated automatically can be chosen to comply with this custom password policy.

  • Synchronize passwords with enterprise applications:

    ADSelfService Plus' Password Synchronization feature, when enabled, automatically syncs the new password with the user's accounts in enterprise applications like G Suite and Salesforce.

  • Audit reports for password resets:

    ADSelfService Plus captures all password reset operations, including automated password resets, in reports that can be easily generated with a single click and exported in various formats such as HTML, CSV, PDF, and XLS.

  • Notify administrators:

    Administrators are periodically sent a consolidated report that contains details on all the password reset operations.
