<

Go Premium for a chance to win a PS4. Enter to Win

x

Active Directory Password Reset Tool

Published on
4,645 Points
345 Views
3 Endorsements
Last Modified:
Shaun Vermaak
My name is Shaun Vermaak and I have always been fascinated with technology and how we use it to enhance our lives and business.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.

Benefits


  • Sets a unique, secure password on each password reset
  • Helpdesk employee users do not need to use or install RSAT (at least not for those only resetting passwords)
  • End-users do not get passwords such as Password1 or Company1 and continue with this bad practice by continuing with passwords such as Password2 or Company2


Implementation


1) Download and extract PasswordResetTool.zip (here is VirusTotal scan) to a folder of your choice.


2) Run Configurator.exe (Configurator Editor).

a) On the Settings tab, enter the FQDN and NetBIOS for the domain on for which Password Reset Tool needs to reset passwords for

b) Specify length that passwords should be reset to for user and administrator accounts

c) Save the configuration file


Demo Execution


Once configuration has been completed, the Password Reset Tool can be executed

Once the Reset Password button is pressed, the specified user account password is reset to a pronounceable, random password


After the process, the connection password and user field are cleared.


Relevant Code


DirectoryEntry directionEntry = new DirectoryEntry(domainPath, domainName + "\\" + connectionUserName, @connectionPassword);
    if (directionEntry != null)
    {
        DirectorySearcher search = new DirectorySearcher(directionEntry);
        search.Filter = "(SAMAccountName=" + userToReset + ")";
        SearchResult result = search.FindOne();
        if (result != null)
        {
            DirectoryEntry userEntry = result.GetDirectoryEntry();
            if (userEntry != null)
            {
                userEntry.Invoke("SetPassword", new object[] { password });
                userEntry.Properties["pwdLastSet"].Value = 0;
                userEntry.Properties["LockOutTime"].Value = 0x0000;
                userEntry.CommitChanges();
            }
        }
    }
    return password;


Conclusion


Using initial secure and unique passwords during reset contributes to a far more secure environment.


Please do not forget to press the "Thumb's Up" button if this article was helpful and valuable for EE members.


It also provides me with positive feedback. Thank you!



3
Comment
  • 2
3 Comments
 
LVL 16

Expert Comment

by:Ajit Singh
Great! I have bookmarked this.

Will definitely give try and let you know.

Is this similar like other self service password reset solutions like these:

https://www.manageengine.com/products/self-service-password/self-service-password-reset.html

https://www.lepide.com/active-directory-self-service/

Mostly they are paid solution and yours is free of cost.

Is there any other key point just for knowledge to keep in mind.
0
 
LVL 37

Author Comment

by:Shaun Vermaak
Hi Ajit

This is more geared toward helpdesk, resetting other user's passwords

Regards
Shaun
1
 
LVL 37

Author Comment

by:Shaun Vermaak
I do have a password-self-help portal, will post in the next few weeks
2

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Join & Write a Comment

This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month