none
Hey Scripting Guy! How can I separate variable output to another variable. RRS feed

  • Question

  • Really hope I can make this make sense. I am very new to scripting so I am sure I am missing something easy.

    I am working on a script to change the passwords of multiple users in an OU. These passwords will be the same as the username with a set of characters appended to it. (I know this is is not a good idea, but it is what management wants no matter how much I advise against it) 

    Here is what I have so far...

    $Password = get-aduser -filter * -SearchBase "ou=1,ou=2, ou=3, dc=example, dc=com" | select -ExpandProperty samaccountname

    $Passwords=$Password.toLower()

    $Users = get-aduser -filter * -SearchBase "ou=1,ou=2, ou=3, dc=example, dc=com" | select -ExpandProperty DistinguishedName

    Set-ADDefaultDomainPasswordPolicy -Identity example.com -ComplexityEnabled 0

    foreach ($User in $Users) {

    dsmod user $User -pwd $Passwords"q3"

    }

    Set-ADDefaultDomainPasswordPolicy -Identity cefco.com -ComplexityEnabled 1

    This is the output


    dsmod succeeded:CN=User1,OU=1,OU=2,OU=3,DC=example,DC=com
    dsmod succeeded:CN=User2,OU=1,OU=2,OU=3,DC=example,DC=com
    dsmod succeeded:CN=User3,OU=1,OU=2,OU=3,DC=example,DC=com


    Most seems to do what I anticipate. It pulls a list of users from the OU, cycles through that list and changes the password to the variable $passwords. The problem I am having is that the $passwords variable is passed as an entire block and not applied line by line. For example...

    $Passwords

    user1

    user2

    user3

    So when the password is applied, it becomes users1user2user3q3 and not user1q3 for User1 and user2q3 for User2.

    I'm thinking it has something to do with split line, but that's just a guess.

    Really hope this makes sense and I can find some help.

    Tuesday, August 11, 2015 4:57 PM

Answers

  • Here's something you can play with:

    Get-ADUser -Filter * -SearchBase 'OU=Users - TEST,DC=domain,DC=com' | ForEach {
    
        Set-ADAccountPassword -Identity $_.SamAccountName -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "$($_.SamAccountName.ToLower())q3" -Force)
    
    }

    Be careful which OU you run this against. AFAIK the -WhatIf switch doesn't function with Set-ADAccountPassword, so you don't have a safety net.


    Tuesday, August 11, 2015 6:13 PM

All replies

  • Why use "dsmod user"? You are already using the PowerShell cmdlets, so you can use Set-ADAccountPassword.

    Are you saying you have a separate file that contains passwords? How do you associate user accounts with which password they're supposed to have?


    -- Bill Stewart [Bill_Stewart]

    Tuesday, August 11, 2015 5:35 PM
    Moderator
  • Thanks for the reply...

    I originally used ADAccountPassword to change them, but had to set it up as a secure string which required a little more code and dsmod seemed to be cleaner. As far as which account gets which password, I am wanting it match line for line since both variable query the same OU. 

    Once again, this may not be the best way to do this and I am open to other option, this is just what I have and seems really close to what I want it to do.

    Tuesday, August 11, 2015 6:07 PM
  • Here's something you can play with:

    Get-ADUser -Filter * -SearchBase 'OU=Users - TEST,DC=domain,DC=com' | ForEach {
    
        Set-ADAccountPassword -Identity $_.SamAccountName -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "$($_.SamAccountName.ToLower())q3" -Force)
    
    }

    Be careful which OU you run this against. AFAIK the -WhatIf switch doesn't function with Set-ADAccountPassword, so you don't have a safety net.


    Tuesday, August 11, 2015 6:13 PM
  • Thank you... I will play with that and see where it leads me. Also, thanks for the warning. Good to know I am working in my dev environment. :-)
    Tuesday, August 11, 2015 6:26 PM
  • Thank you so much!!!! That does exactly what I needed. I was thinking I had it over simplified, yet you made it even easier.
    Tuesday, August 11, 2015 6:35 PM
  • Cheers, you're very welcome. That's the beauty of PowerShell in action.


    Tuesday, August 11, 2015 6:41 PM