asked on Need to Modify Powershell Script to Reset Passwords for Active Directory Users in Child Domain
I have pasted below a Powershell script which resets users passwords and forces to change at next logon.
The script uses a csv file for the list of users.
The script worked in the test environment but the production environment has a child domain where the scripts intended users reside.
What changes must be made in order for this script to be able to reset passwords for users in a child domain and force their password to change at next logon?
*** I cannot use Quest cmdlets***
The script uses a csv file for the list of users.
The script worked in the test environment but the production environment has a child domain where the scripts intended users reside.
What changes must be made in order for this script to be able to reset passwords for users in a child domain and force their password to change at next logon?
*** I cannot use Quest cmdlets***
Import-csv users.csv | foreach {
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.Filter = "(sAMAccountName=$($_.Username))"
$Result = $Searcher.FindOne()
$User = $Result.GetDirectoryEntry()
$User.SetPassword("Password!")
$User.Put("pwdLastSet", 0)
$User.SetInfo()
}
PowershellActive DirectoryWindows Server 2003
Last Comment
advserver
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I hadn't changed the filter, is there a blank line somewhere in the source file?
Chris
ASKER
Operator error, that was it! You rock as always! I have pasted below which script that I had used. Thank you!
$SearchRoot = [ADSI]"LDAP://DC=Child,DC=
Import-csv users.csv | foreach {
$Searcher = New-Object DirectoryServices.Director
$Searcher.SearchRoot = $SearchRoot
$Searcher.Filter = "(sAMAccountName=$($_.User
$Result = $Searcher.FindOne()
$User = $Result.GetDirectoryEntry(
$User.SetPassword("Passwor
$User.Put("pwdLastSet", 0)
$User.SetInfo()
}
$SearchRoot = [ADSI]"LDAP://DC=Child,DC=
Import-csv users.csv | foreach {
$Searcher = New-Object DirectoryServices.Director
$Searcher.SearchRoot = $SearchRoot
$Searcher.Filter = "(sAMAccountName=$($_.User
$Result = $Searcher.FindOne()
$User = $Result.GetDirectoryEntry(
$User.SetPassword("Passwor
$User.Put("pwdLastSet", 0)
$User.SetInfo()
}
Glad it helped :)
Chris
ASKER
Quick response! First post was the answer I needed!
I ran both of the scripts you have listed and received the error pasted below. Thoughts?
Exception calling "FindOne" with "0" argument(s): "The (sAMAccountName=) search
filter is invalid."
At D:\power shell commands\stores\reset pw ps\PasswordReset.ps1:9 char:30
+ $Result = $Searcher.FindOne <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
Exception calling "FindOne" with "0" argument(s): "The (sAMAccountName=) search
filter is invalid."
At D:\power shell commands\stores\reset pw ps\PasswordReset.ps1:9 char:30
+ $Result = $Searcher.FindOne <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException