advserver

Need to Modify PowerShell Script to Reset Passwords for Active Directory Users in Child Domain

I have pasted below a PowerShell script which resets users' passwords and forces them to change at next logon.
The script uses a CSV file for the list of users.
The script worked in the test environment, but the production environment has a child domain where the script's intended users reside.
What changes must be made in order for this script to be able to reset passwords for users in a child domain and force their password to change at next logon?

*** I cannot use Quest cmdlets***

Import-csv users.csv | foreach {
$Searcher = New-Object DirectoryServices.DirectorySearcher 

  $Searcher.Filter = "(sAMAccountName=$($_.Username))" 
 
  $Result = $Searcher.FindOne() 
  $User = $Result.GetDirectoryEntry() 
 
  $User.SetPassword("Password!") 
  $User.Put("pwdLastSet", 0) 
  $User.SetInfo() 
}


Tags: PowerShell, Active Directory, Windows Server 2003

Last Comment
advserver

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Chris Dent

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
advserver

ASKER
The Samaccountname will be unique in this case.  

I ran both of the scripts you have listed and received the error pasted below.  Thoughts?


Exception calling "FindOne" with "0" argument(s): "The (sAMAccountName=) search
 filter is invalid."
At D:\power shell commands\stores\reset pw ps\PasswordReset.ps1:9 char:30
+   $Result = $Searcher.FindOne <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Exception calling "FindOne" with "0" argument(s): "The (sAMAccountName=) search
 filter is invalid."
At D:\power shell commands\stores\reset pw ps\PasswordReset.ps1:9 char:30
+   $Result = $Searcher.FindOne <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException
 
Chris Dent


I hadn't changed the filter, is there a blank line somewhere in the source file?

Chris
advserver

ASKER
Operator error, that was it!  You rock as always!  I have pasted below the script that I used.  Thank you!



$SearchRoot = [ADSI]"LDAP://DC=Child,DC=Domain,DC=com"

Import-csv users.csv | foreach {
  $Searcher = New-Object DirectoryServices.DirectorySearcher

  $Searcher.SearchRoot = $SearchRoot
  $Searcher.Filter = "(sAMAccountName=$($_.Username))"
 
  $Result = $Searcher.FindOne()
  $User = $Result.GetDirectoryEntry()
 
  $User.SetPassword("Password!")
  $User.Put("pwdLastSet", 0)
  $User.SetInfo()
}
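
An added example, not part of the thread and not either poster's code: the script above with the failure modes discussed here handled. It skips rows with an empty Username (the cause of the invalid-filter error), escapes LDAP filter metacharacters in CSV values, and reports accounts that are not found. The function names and the result object are hypothetical; the ADSI calls are the ones the thread uses.

```powershell
# Added example. Function names and the result object layout are hypothetical.

# Escape RFC 4515 special characters so a CSV value cannot alter the filter.
function ConvertTo-LdapFilterValue([string]$Value) {
  $v = $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28')
  $v.Replace(')', '\29').Replace([string][char]0, '\00')
}

function Reset-ChildDomainPassword {
  param(
    [string]$CsvPath,        # CSV with a Username column, as in the thread
    [string]$SearchRootPath, # e.g. "LDAP://DC=Child,DC=Domain,DC=com"
    [string]$TempPassword    # temporary password, supplied by the operator
  )
  $SearchRoot = [ADSI]$SearchRootPath

  Import-Csv $CsvPath | ForEach-Object {
    $Name = "$($_.Username)".Trim()
    $Row = New-Object PSObject -Property @{ Username = $Name; Status = '' }

    if ($Name -eq '') {
      # An empty Username would build the filter "(sAMAccountName=)",
      # which is the invalid filter in the error quoted above.
      $Row.Status = 'Skipped: empty Username'
      return $Row
    }
    try {
      $Searcher = New-Object DirectoryServices.DirectorySearcher
      $Searcher.SearchRoot = $SearchRoot
      $Searcher.Filter = "(sAMAccountName=$(ConvertTo-LdapFilterValue $Name))"
      $Result = $Searcher.FindOne()
      if ($Result -eq $null) { $Row.Status = 'Not found'; return $Row }

      $User = $Result.GetDirectoryEntry()
      $User.SetPassword($TempPassword)
      $User.Put("pwdLastSet", 0)   # force a password change at next logon
      $User.SetInfo()
      $Row.Status = 'Reset'
    } catch {
      $Row.Status = "Failed: $($_.Exception.Message)"
    }
    $Row   # one result object per CSV row
  }
}
```

Piping the output to `Export-Csv` gives a per-user record of which accounts were reset, skipped, or not found.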
Chris Dent


Glad it helped :)

Chris
advserver

ASKER
Quick response! First post was the answer I needed!