SourSnacks-0437 asked IanXue-MSFT edited

PowerShell Password Reset

Trying to reset users' passwords to a default that I'm using as a standard, then force them to reset their password at next login. The users are scattered in AD within different OUs, but I was able to export a .csv with the users. The .csv that was exported has "Name", "Email", "Site", and "Position" fields. I'm not sure if the field information helps any.

windows-server-powershell

AndreasBaumgarten answered AndreasBaumgarten edited

@SourSnacks-0437 ,

you need a file with the samAccountName of the users. The file with "Name", "Email", "Site", and "Position" fields doesn't work.

Use the script at your own risk. Not tested by myself.

 Import-Module ActiveDirectory
 # One samAccountName per line
 $users = Get-Content -Path "UserNameList.txt"
 foreach ($user in $users) {
     # Set password
     Set-ADAccountPassword -Identity $user -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)
     # Set ChangePasswordAtLogon
     Set-ADUser -Identity $user -ChangePasswordAtLogon $true
 }

The text file should contain only the username (samAccountName) of the users (one per row).
For instance:

Username1
Username2
Username3


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten



AndreasBaumgarten answered SourSnacks-0437 commented

Hi @SourSnacks-0437 ,

the best would be to have the samAccountName of the user.
With the samAccountName you can use these 2 PowerShell cmdlets to set the password of the user and the option to force the change of the password at next login:

 # Set the password
 Set-ADAccountPassword -Identity TESTUSER -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)

 # Set ChangePasswordAtLogon
 Set-ADUser -Identity TESTUSER -ChangePasswordAtLogon $true

https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-adaccountpassword?view=windowsserver2019-ps
https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-aduser?view=windowsserver2019-ps


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten


Instead of individually resetting users' passwords, can I have it read from the .csv list I've exported?

IanXue-MSFT answered IanXue-MSFT edited

Hi,

You should export SamAccountName or UserPrincipalName because Name is not unique in your domain. AD users in different OUs may have the same Name. If you have samAccountName in the csv file, you can reset user passwords like below:

 Import-Module ActiveDirectory
 $file = 'C:\temp\user.csv'
 $password = ConvertTo-SecureString -String "Password01!" -AsPlainText -Force
 # Read each row of the CSV; it must have a samAccountName column
 Import-Csv -Path $file | ForEach-Object{
     $samAccountName = $_.samAccountName
     # Look the account up first so missing users are reported instead of throwing
     $user = Get-ADUser -Filter {samAccountName -eq $samAccountName}
     if($user){
         Set-ADAccountPassword -Identity $user -NewPassword $password -Reset
         Set-ADUser -Identity $user -ChangePasswordAtLogon $true
     }
     else{
         Write-Host "$samAccountName not found"
     }
 }

Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
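
An added example, not code from any of the posters: it works from the asker's original CSV by matching the "Email" column against the AD `mail` attribute, skips rows that match zero or several accounts, and gives each account its own random temporary password instead of one shared default. The CSV path, the helper name `New-TempPassword`, and the assumption that the exported "Email" value equals each user's `mail` attribute are assumptions of this example.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: random temporary password from a cryptographic RNG.
function New-TempPassword {
    param([int]$Length = 16)
    # Character classes without look-alikes (l/1, O/0); all four must appear.
    $classes = 'abcdefghijkmnpqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%*+-=?@'
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    do {
        $pw = -join (1..$Length | ForEach-Object {
            $rng.GetBytes($buf)
            # 32-bit value modulo a short alphabet: the bias is negligible
            $all[[int]([BitConverter]::ToUInt32($buf, 0) % $all.Length)]
        })
        # Retry until every class is present so domain complexity rules are met
        $hit = @($classes | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -ge 0 })
    } until ($hit.Count -eq $classes.Count)
    $rng.Dispose()
    $pw
}

$csv = 'C:\temp\user.csv'   # assumed path; columns Name, Email, Site, Position
$results = foreach ($row in Import-Csv -Path $csv) {
    $email = "$($row.Email)".Trim()
    if (-not $email) { continue }
    # Single-quoted on purpose: the AD module resolves $email itself
    $found = @(Get-ADUser -Filter 'mail -eq $email')
    if ($found.Count -ne 1) {
        Write-Warning "$email matched $($found.Count) accounts; skipped"
        continue
    }
    $user   = $found[0]
    $plain  = New-TempPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    try {
        Set-ADAccountPassword -Identity $user -NewPassword $secure -Reset -ErrorAction Stop
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $user.SamAccountName; Email = $email; TempPassword = $plain }
    } catch {
        Write-Warning "$($user.SamAccountName): $($_.Exception.Message)"
    }
}
# $results holds the temporary passwords in plain text; hand each one to its
# owner out of band and do not leave the list on disk.
$results | Format-Table
```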
