Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to get Powershell to return

Posted on 2011-02-14
7
Medium Priority
?
670 Views
Last Modified: 2012-08-13
Experts,
 
         Attached below I have a script that we run in our test LAB. The script should do the following:
1. Search for a user and return password information
2. Ask user if they want to reset the users password based on the info returned
3. Take the user's response and either change the users password or exit script
4. Password activity should be written out to text file.

Thanks, Missymadi
$user = read-host "Enter UserName"
Get-qaduser $User | Select PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires, UserMustChangePassword, PasswordIsExpired, PasswordStatus 
$User = read-host "Do you want to reset a user's password?"
$strResponse = Read-Host "[1] Yes, [2] No"

If ($strResponse -eq "1" )

{$users = get-qaduser -samaccountname USERNAME 
$users | %{
set-qaduser -Userpassword 'Test'
get-qaduser -samaccountname $_.samaccountname | Select samaccountname, passwordlastset | out-file c:\PwdChanged.txt -noclobber
}

   else{Write-Host "Exiting Search Script"}
}

Open in new window

0
Comment
Question by:missymadi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34890570
You're not far off it really.

Chris
# Ask for a username

$Username = Read-Host "Enter UserName"

# Search for the user(s)

$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN, 
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires, 
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

# Display the user(s)

$Users

# Ask if they wish to proceed

$Response = Read-Host "Do you want to reset a user's password?`n[1] Yes, [2] No"

# Do the work

If ($Response -eq "1" ) {
  # For each user we found earlier, set the password. Log a few things and the name of the 
  # user running this script 

  $Users | ForEach-Object { Set-QADUser $_.DN -UserPassword 'Test' } |
    Select-Object SamAccountName, PasswordLastSet, @{n='SetBy';e={ $Env:Username }} |
    Out-File c:\PwdChanged.txt -Append
}

Open in new window

0
 

Author Comment

by:missymadi
ID: 34892328
Thanks! Worked for me.
I need to tell the user at the end of the script that the password has been changed. What is the syntax to do that?

Thanks, Missymadi
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34894727

We could add in something to tell us about that. Is this what you had in mind?

Chris
# Ask for a username

$Username = Read-Host "Enter UserName"

# Search for the user(s)

$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN, 
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires, 
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

# Display the user(s)

$Users

# Ask if they wish to proceed

$Response = Read-Host "Do you want to reset a user's password?`n[1] Yes, [2] No"

# Do the work

If ($Response -eq "1" ) {
  # For each user we found earlier, set the password. Log a few things and the name of the 
  # user running this script 

  $Users | ForEach-Object { 
    Set-QADUser $_.DN -UserPassword 'Test'
    Write-Host "Password reset for $($_.Name)"
  } | Select-Object SamAccountName, PasswordLastSet, @{n='SetBy';e={ $Env:Username }} |
    Out-File c:\PwdChanged.txt -Append
}

Open in new window

0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:missymadi
ID: 34899816
It works great.
How would I  prompt the user to enter their own made up AD passwordm instead of letting the script hardcode the password. What is the syntax to accept a new password and save to AD?

Thanks, Missymadi
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 34899892

The password is just clear text here, so you could always have another Read-Host prompt if that's what you're after :)

Unfortunately we can't easily use the -AsSecureString option which gives you *** as you're typing instead of displaying the typed password. If we did, we'd have to use a rather complex command to get the plain text password back out of it.

Chris
# Ask for a username

$Username = Read-Host "Enter UserName"

# Search for the user(s)

$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN, 
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires, 
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

# Display the user(s)

$Users

# Ask if they wish to proceed

$Response = Read-Host "Do you want to reset a user's password?`n[1] Yes, [2] No"

# Ask fora  password to use

$Password = Read-Host "Please enter a password to use"

# Do the work

If ($Response -eq "1" ) {
  # For each user we found earlier, set the password. Log a few things and the name of the 
  # user running this script 

  $Users | ForEach-Object { 
    Set-QADUser $_.DN -UserPassword $Password
    Write-Host "Password reset for $($_.Name)"
  } | Select-Object SamAccountName, PasswordLastSet, @{n='SetBy';e={ $Env:Username }} |
    Out-File c:\PwdChanged.txt -Append
}

Open in new window

0
 

Author Comment

by:missymadi
ID: 34900343
Great. One more thing I thought of ...what if the password is fat-fingered. How can I force user to type in twice then make sure the two match?

Thanks, Missymadi
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 34900431
Ahh good point. This is a possibility.
# Ask for a username

$Username = Read-Host "Enter UserName"

# Search for the user(s)

$Users = Get-QADUser -SamAccountName $Username | Select-Object Name, DN, 
  PasswordLastSet, PasswordAge,PasswordExpires, PasswordNeverExpires, 
  UserMustChangePassword, PasswordIsExpired, PasswordStatus

# Display the user(s)

$Users

# Ask if they wish to proceed

$Response = Read-Host "Do you want to reset a user's password?`n[1] Yes, [2] No"

# Ask fora  password to use

$Password1 = Read-Host "Please enter a password to use"
$Password2 = Read-Host "Please re-enter the password to confirm"

If ($Password1 -ne $Password2) {

  Write-Host "Passwords do not match. Aborting script." -ForegroundColor Red

} Else {

  # Do the work

  If ($Response -eq "1" ) {
    # For each user we found earlier, set the password. Log a few things and the name of the 
    # user running this script 

    $Users | ForEach-Object { 
      Set-QADUser $_.DN -UserPassword $Password1
      Write-Host "Password reset for $($_.Name)"
    } | Select-Object SamAccountName, PasswordLastSet, @{n='SetBy';e={ $Env:Username }} |
      Out-File c:\PwdChanged.txt -Append
  }
}

Open in new window

Chris
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

596 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question