Changing users password with Power Shell and generate a random password.
Published:
Browse All Articles > Changing users password with Power Shell and generate a random password.
Hi all.
The other day I had to change the passwords for a bunch of users on the fly. Because they were so many, I decided to do it in an automated way and I would like to share it with you all.
If you are not doing it directly in a Domain Controller (DC) you need to install and import the Active Directory (AD) module and you also need the required privileges to change passwords.
This script will check the users in a specified Organizational Unit (OU) without specifying any user, so be careful if you decide to use it.
Warning: If you decide to use this script test it first in a lab environment. Do it at your own risk.
This script will check the users in a specified Organizational Unit (OU) and then generate a random alphanumeric password with 8 char length.
Of course we can do more stuff but I don't want to complicate and I just want to show you how it can be done. This is just one way of doing it.
![PS1.JPG]()
If everything went well, no message is displayed, now you need to open txt file generated by the script and check the usernames and new passwords for the users.
Please note that in my case the defined path to save my files is defined on the beginning of my script like this
[String]$path= ".\NewPass.txt".
![PS2.JPG]()
That's it. I hope it helps someone.
Next time I'll create a new article with more complex things, to search specific object types, select different Organizational Units (OUs) and so on.
Feel free to comment or just to suggest what else you would like to see with PowerShell.
Cheers.
David
The other day I had to change the passwords for a bunch of users on the fly. Because they were so many, I decided to do it in an automated way and I would like to share it with you all.
If you are not doing it directly in a Domain Controller (DC) you need to install and import the Active Directory (AD) module and you also need the required privileges to change passwords.
This script will check the users in a specified Organizational Unit (OU) without specifying any user, so be careful if you decide to use it.
Warning: If you decide to use this script test it first in a lab environment. Do it at your own risk.
This script will check the users in a specified Organizational Unit (OU) and then generate a random alphanumeric password with 8 char length.
Of course we can do more stuff but I don't want to complicate and I just want to show you how it can be done. This is just one way of doing it.
#This is the file that will be generated with the users account ID and the password generated.
[String]$path= ".\NewPass.txt"
#This will check if the file exist and will delete that file so a new one can be created from the scratch
#If the doesn't exist will through an error saying that the file doesn't exist and will continue.
if ($path -ne $null){Remove-Item $path}
<# Required Assembly to Generate Passwords #>
Add-Type -Assembly System.Web
#In my case I created a OU for test purposes here it is.
#You need to change it to meet your requirements.
$OU="OU=Users,OU=Test,OU=SATESTENV,DC=SATESTENV,DC=local"
#Get the users inside the OU specified in the Options Above
$users=Get-ADUser -filter * -SearchBase $OU
foreach($Name in $users.samaccountname){
#Variable that will receive the random password
$NewPassword=[Web.Security.Membership]::GeneratePassword(8,3)
#The code below will change the password and will set the Option to change the password on the next logon.
Set-ADAccountPassword -Identity $Name -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $NewPassword -Force)
Get-ADUser -Identity $Name |Set-ADUser -ChangePasswordAtLogon:$true
#Here will write the info to the file, so you can communicate to your users the new password.
Write-Output "UserID:$name `t Password:$NewPassword" `n`n|FT -AutoSize >>NewPass.txt
}
If everything went well, no message is displayed, now you need to open txt file generated by the script and check the usernames and new passwords for the users.
Please note that in my case the defined path to save my files is defined on the beginning of my script like this
[String]$path= ".\NewPass.txt".
That's it. I hope it helps someone.
Next time I'll create a new article with more complex things, to search specific object types, select different Organizational Units (OUs) and so on.
Feel free to comment or just to suggest what else you would like to see with PowerShell.
Cheers.
David
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (4)
Commented:
Commented:
this is very helpful , but the generated password are very heavy ... how can i make the generated passwords alphanumeric with only lowercase and numbers ? and export it to a csv file ?
thanks
Author
Commented:Thank you all for your comments.
@robert for you to be able to do that with the code above you will need to use regexp, but I believe you can achieve it in a more easy way, check the example below.
In my code I have:
Open in new window
If you change it to:
Open in new window
This will generate a random char only with lower cases.
If you also want to capital letters you need use the ASCII table to check the value of each char, lets see an example.
Open in new window
The output will be a random string.
Now if you want to add numbers, you can do it by adding the ASCII value related with numbers. Lets check it.
Open in new window
I believe this can do the trick, I didn't had to much time to tested it, but I can see that some random passwords could only have letters.
Then you can export it to a csv file piping the variable $finalpass
Open in new window
With this little code you already have the tools to start tweaking and accomplish your goal.
I hope it helps.
Cheers.
D.
Commented:
i have another question i hope im not being annoying ... the exported csv shows like
your help is much appreciated ...