Script to change AD Password and Set to change at next logon

  • Question

  • Hi All

    I hope you can help with what should be a simple task that is driving me mad. I am trying to get a script, PowerShell or otherwise, to reset a user's password and get them to change it at next logon. This then updates a log file with who changed that password and sends an e-mail with the same detail. I have created the below, but I cannot get the change password at next logon working correctly; all the other parts seem to be working as they should.

    @echo off
    cls
    echo This script will reset the password for a user, using their Logon Name
    echo.
    set /p LN=Enter Logon Name : 
    echo.

    rem dsquery and dsmod are not installed on the server, so both are run from the shared folder
    rem (the original only gave the full path for dsquery, so the bare "dsmod" was never found)
    "\\ptdcnas001\sharedsn\IS PC Server Team\Lee\dsquery" user -samid "%LN%" -d greeneking.local | find "CN" > nul
    if %errorlevel% EQU 0 (
    echo User Found - %LN%
    rem net user prompts for the new password; the password itself is never written to the log
    net user "%LN%" * /Domain
    echo %date% %time% Password reset for User %LN% by %username% from %computername% >> \\10.200.6.71\sharedsn\ZonalPwReset\PWReset.log
    rem Pipe the user's DN into dsmod to force a password change at next logon
    "\\ptdcnas001\sharedsn\IS PC Server Team\Lee\dsquery" user -samid "%LN%" -d greeneking.local | "\\ptdcnas001\sharedsn\IS PC Server Team\Lee\dsmod" user -mustchpwd yes -disabled no >> \\ptdcnas001\sharedsn\ZonalPwReset\PWReset.log
    echo Password reset for User %LN%
    rem The subject and message contain spaces, so they must be quoted or SendEmail splits them into separate arguments
    "\\ptdcnas001\sharedsn\IS PC Server Team\Lee\SendEmail" -f PW@zonal.co.uk -u "Password Reset" -t is-pcfileserverteam@greeneking.co.uk -m "%date% %time% Password reset for User %LN% by %username% from %computername%" -s 128.1.1.62 > nul
    ) else (
     echo.
     echo User not found %LN%
     echo.
    )
    pause

    Thanks in advance

    Tuesday, February 21, 2017 9:35 AM

Answers

All replies

  • It is definitely not recommended to try to do this with a shell script (batch file).

    What problem are you solving by writing such a script?


    -- Bill Stewart [Bill_Stewart]

    Tuesday, February 21, 2017 3:21 PM
    Moderator
  • Hi Bill

    We have a third party user that has access to RDP onto servers on our network. These servers do not have the AD Remote tools installed on them. The third party in question take calls from our customers for password resets; they currently have to forward that call onto our service desk to reset the password. The idea is for our third party to be able to reset the AD password from a script, and have it set to change at next logon, from a server they RDP onto. I have a folder \\ptdcnas001\sharedsn\IS PC Server Team\Lee\ that contains both dsmod and dsquery, which the server has access to. The third party have a domain account they use to logon with, and that account has access to change the password and set the change password at next logon attribute.

    thanks

    Lee


    Wednesday, February 22, 2017 12:31 PM
  • Install the self-service password portal and let users reset their own passwords.


    \_(ツ)_/

    Wednesday, February 22, 2017 6:39 PM
  • This should work on any current version of Windows:

    # Find the user by sAMAccountName and bind to the returned LDAP path
    $user = [adsi]([adsisearcher]'SAmAccountname=jsmith').FindOne().Path

    # Administratively set the new password (requires reset-password rights on the object)
    $user.SetPassword('123hegHO#')


    \_(ツ)_/

    Wednesday, February 22, 2017 6:49 PM
  • I wrote a command-line tool for password resets:

    http://www.westmesatech.com/misctools.html (ResetPassword_1.0.zip)


    -- Bill Stewart [Bill_Stewart]

    Wednesday, February 22, 2017 7:35 PM
    Moderator
  • Hi Bill

    Unfortunately the zip file is blocked by our network. Fundamentally I want the script to ask for the username that needs resetting. The user name is then looked up; if it is not found, display "user name not found"; otherwise the password is reset to one specified. This then changes the account to change password at next login. The log file is updated and an e-mail sent to say when the password has been reset.

    Thanks

    Lee 

    Thursday, February 23, 2017 2:24 PM
  • Hi Thanks for your reply

    I need the script to do a little more. Fundamentally I want the script to ask for the username that needs resetting. The user name is then looked up; if it is not found, display "user name not found"; otherwise the password is reset to one specified. This then changes the account to change password at next login. The log file is updated and an e-mail sent to say when the password has been reset.

    Thanks

    Thursday, February 23, 2017 2:25 PM
  • Sorry, but this is not a "write a custom script for me" forum.

    Please see the first post from the top of this forum:

    This forum is for scripting questions rather than script requests

    Also, I already provided you a solution. You will just need to be clever on how to get a copy of the ResetPassword.exe file onto your server.


    -- Bill Stewart [Bill_Stewart]

    Thursday, February 23, 2017 2:47 PM
    Moderator
  • jrv's code above should work on any client with PowerShell (the reply I just proposed as the answer). To expire the password, so the user must change it at the next logon, simply add the following at the end of jrv's code:

    $User.pwdLastSet = 0
    $User.SetInfo()
    


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Friday, March 3, 2017 3:42 PM
    Moderator
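  • Editor's note: the following is an added worked example, not code from any reply in this thread. It combines jrv's ADSI lookup and SetPassword with Richard Mueller's pwdLastSet = 0 step, and wraps them in the prompt, not-found check, log entry and e-mail the original poster asked for. The log path, mail addresses and SMTP host are placeholder assumptions; the LDAP escaping helper is also an addition, so that whatever is typed at the prompt cannot change the query.

```powershell
# Added example, not from the thread. Placeholders below must be replaced for real use.
$LogFile    = '\\fileserver\share\PWReset.log'   # placeholder
$MailFrom   = 'pwreset@example.com'               # placeholder
$MailTo     = 'servicedesk@example.com'           # placeholder
$SmtpServer = 'smtp.example.com'                  # placeholder

function Get-LdapEscapedValue([string]$Value) {
    # Escape characters that are special in an LDAP filter (RFC 4515)
    # so that prompt input is matched literally and cannot widen the search.
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        switch ($c) {
            '\'  { [void]$sb.Append('\5c') }
            '*'  { [void]$sb.Append('\2a') }
            '('  { [void]$sb.Append('\28') }
            ')'  { [void]$sb.Append('\29') }
            "`0" { [void]$sb.Append('\00') }
            default { [void]$sb.Append($c) }
        }
    }
    $sb.ToString()
}

$LogonName = (Read-Host 'Enter logon name (sAMAccountName)').Trim()
if (-not $LogonName) { Write-Warning 'No logon name entered.'; return }
# Match user objects only, by exact sAMAccountName.
$filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$(Get-LdapEscapedValue $LogonName)))"
$result = ([adsisearcher]$filter).FindOne()
if (-not $result) { Write-Host "User not found: $LogonName"; return }

$user   = [adsi]$result.Path
$secure = Read-Host 'Enter new password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $user.SetPassword($plain)        # jrv's step: administrative reset
} finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plain -ErrorAction SilentlyContinue
}
$user.pwdLastSet = 0                 # Richard Mueller's step: must change at next logon
$user.SetInfo()

# Audit trail: who reset whose password, from where. The password is never logged or mailed.
$entry = "{0:u} Password reset for {1} by {2}\{3} from {4}" -f (Get-Date), $LogonName, $env:USERDOMAIN, $env:USERNAME, $env:COMPUTERNAME
Add-Content -Path $LogFile -Value $entry
Send-MailMessage -From $MailFrom -To $MailTo -Subject 'Password Reset' -Body $entry -SmtpServer $SmtpServer
```

    The account running this needs "Reset password" and write access to pwdLastSet on the target users, and the log share should be append-only for that account so the audit trail cannot be edited from the same session.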