advserver

Need to Modify Powershell Script to Reset Passwords for Active Directory Users in Child Domain

I have pasted below a PowerShell script which resets users' passwords and forces them to change at next logon.
The script uses a CSV file for the list of users.
The script worked in the test environment, but the production environment has a child domain where the script's intended users reside.
What changes must be made in order for this script to be able to reset passwords for users in a child domain and force their password to change at next logon?

*** I cannot use Quest cmdlets***

Import-csv users.csv | foreach {
  $Searcher = New-Object DirectoryServices.DirectorySearcher

  $Searcher.Filter = "(sAMAccountName=$($_.Username))"

  $Result = $Searcher.FindOne()
  $User = $Result.GetDirectoryEntry()

  $User.SetPassword("Password!")
  $User.Put("pwdLastSet", 0)
  $User.SetInfo()
}

ASKER CERTIFIED SOLUTION
Chris Dent

advserver

ASKER

The sAMAccountName will be unique in this case.

I ran both of the scripts you have listed and received the error pasted below.  Thoughts?


Exception calling "FindOne" with "0" argument(s): "The (sAMAccountName=) search
 filter is invalid."
At D:\power shell commands\stores\reset pw ps\PasswordReset.ps1:9 char:30
+   $Result = $Searcher.FindOne <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Exception calling "FindOne" with "0" argument(s): "The (sAMAccountName=) search
 filter is invalid."
At D:\power shell commands\stores\reset pw ps\PasswordReset.ps1:9 char:30
+   $Result = $Searcher.FindOne <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException
 

I hadn't changed the filter, is there a blank line somewhere in the source file?

Chris

Operator error, that was it!  You rock as always!  I have pasted below the script that I used.  Thank you!



# Bind the search to the child domain instead of the default (current) domain
$SearchRoot = [ADSI]"LDAP://DC=Child,DC=Domain,DC=com"

Import-csv users.csv | foreach {
  $Searcher = New-Object DirectoryServices.DirectorySearcher

  $Searcher.SearchRoot = $SearchRoot
  $Searcher.Filter = "(sAMAccountName=$($_.Username))"

  $Result = $Searcher.FindOne()
  $User = $Result.GetDirectoryEntry()

  $User.SetPassword("Password!")
  $User.Put("pwdLastSet", 0)   # 0 forces a password change at next logon
  $User.SetInfo()
}

Glad it helped :)

Chris

Quick response! First post was the answer I needed!
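
A more defensive version of the loop discussed in this thread, as an added example that is not part of any post above: it skips rows with an empty Username (the cause of the "search filter is invalid" error), escapes the value before it goes into the LDAP filter, handles a FindOne() that matches nothing, and prompts for the temporary password instead of embedding it in the script. The `ConvertTo-LdapFilterValue` helper is hypothetical; the CSV layout and the child-domain DN are taken from the thread.

```powershell
# Added example, not the thread's script. Assumed: users.csv with a "Username"
# column, the child-domain DN from the thread, and the hypothetical helper below.
$SearchRoot = [ADSI]"LDAP://DC=Child,DC=Domain,DC=com"

# Prompt for the temporary password so it is not stored in the script file.
$Secure = Read-Host "Temporary password" -AsSecureString
$TempPassword = (New-Object System.Management.Automation.PSCredential 'x', $Secure).GetNetworkCredential().Password

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping of \ * ( ) and NUL, so CSV content cannot change the filter.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

Import-Csv users.csv | ForEach-Object {
    $name = "$($_.Username)".Trim()
    if (-not $name) {
        # An empty Username is what produced "(sAMAccountName=) search filter is invalid".
        Write-Warning "Row with empty Username skipped"
        return
    }

    $Searcher = New-Object DirectoryServices.DirectorySearcher
    $Searcher.SearchRoot = $SearchRoot
    # Restrict the match to user objects and use the escaped name.
    $Searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $name)))"

    try {
        $Result = $Searcher.FindOne()
        if ($Result -eq $null) {
            # FindOne() returns $null when nothing matches; do not dereference it.
            Write-Warning "'$name' not found under $($SearchRoot.distinguishedName)"
            return
        }
        $User = $Result.GetDirectoryEntry()
        $User.SetPassword($TempPassword)
        $User.Put("pwdLastSet", 0)   # 0 = must change password at next logon
        $User.SetInfo()
        Write-Output "Reset $($User.distinguishedName)"
    }
    catch {
        Write-Warning "'$name' failed: $($_.Exception.Message)"
    }
    finally {
        $Searcher.Dispose()
    }
}
```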