Link to home
Create AccountLog in
Avatar of advserver
advserverFlag for United States of America

asked on

Need to Modify Powershell Script to Reset Passwords for Active Directory Users in Child Domain

I have pasted below a Powershell script which resets users passwords and forces to change at next logon.  
The script uses a csv file for the list of users.  
The script worked in the test environment but the production environment has a child domain where the scripts intended users reside.
What changes must be made in order for this script to be able to reset passwords for users in a child domain and force their password to change at next logon?

*** I cannot use Quest cmdlets***

Import-csv users.csv | foreach {
$Searcher = New-Object DirectoryServices.DirectorySearcher 

  $Searcher.Filter = "(sAMAccountName=$($_.Username))" 
 
  $Result = $Searcher.FindOne() 
  $User = $Result.GetDirectoryEntry() 
 
  $User.SetPassword("Password!") 
  $User.Put("pwdLastSet", 0) 
  $User.SetInfo() 
}

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of advserver

ASKER

The Samaccountname will be unique in this case.  

I ran both of the scripts you have listed and received the error pasted below.  Thoughts?


Exception calling "FindOne" with "0" argument(s): "The (sAMAccountName=) search
 filter is invalid."
At D:\power shell commands\stores\reset pw ps\PasswordReset.ps1:9 char:30
+   $Result = $Searcher.FindOne <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Exception calling "FindOne" with "0" argument(s): "The (sAMAccountName=) search
 filter is invalid."
At D:\power shell commands\stores\reset pw ps\PasswordReset.ps1:9 char:30
+   $Result = $Searcher.FindOne <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException
 

I hadn't changed the filter, is there a blank line somewhere in the source file?

Chris
Operator error, that was it!  You rock as always!  I have pasted below which script that I had used.  Thank you!



$SearchRoot = [ADSI]"LDAP://DC=Child,DC=Domain,DC=com"

Import-csv users.csv | foreach {
  $Searcher = New-Object DirectoryServices.DirectorySearcher

  $Searcher.SearchRoot = $SearchRoot
  $Searcher.Filter = "(sAMAccountName=$($_.Username))"
 
  $Result = $Searcher.FindOne()
  $User = $Result.GetDirectoryEntry()
 
  $User.SetPassword("Password!")
  $User.Put("pwdLastSet", 0)
  $User.SetInfo()
}

Glad it helped :)

Chris
Quick response! First post was the answer I needed!