Interactive Powershell script to reset password age in AD

Lennart Giaccotto
I am looking for a script to reset the password age for a specific user account in our AD. I found the script that makes this happen:

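$User = Get-ADUser username -Properties PwdLastSet
$User.PwdLastSet = 0    # 0 flags the password as expired
Set-ADUser -Instance $User
$User.PwdLastSet = -1   # -1 sets pwdLastSet to the current time, restarting the password age
Set-ADUser -Instance $User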


What I need is a way for our helpdesk to use this script without having to change the username every time they use the script. This can be done by adding a prompt to enter the username and a check if this is correct, but I have no experience with PowerShell and how to give a prompt to fill in a variable.

Can someone show me how this is done? I prefer to use it in combination with the function Show-Menu so I can add more functionality to the script at a later stage.
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
Here's a function you can use. It returns -1 if the user canceled, 0 if success, and 1 if an error occurred.
The user can enter a wildcard as well; if more than one match is found, a list will pop up and allow a selection.
Function Reset-ADUserPasswordAge() {
	Do {
		$ADUser = $Null
		$SamAccountName = Read-Host -Prompt "Please enter the user's SamAccountName; '*' is allowed as wildcard for part of the name"
		If (-not $SamAccountName) {
			"Operation canceled." | Write-Warning
			Return -1
		}
		If (-not ($ADUser = Get-ADUser -Filter "SamAccountName -like '$($SamAccountName)'" -Properties DisplayName, PwdLastSet)) {
			"User '$($SamAccountName)' not found!" | Write-Warning
		}
	} Until ($ADUser)
	If ($ADUser.Count -gt 1) {
		$SelectionList = $ADUser | Select-Object -Property SamAccountName, DisplayName, GivenName, SurName, DistinguishedName
		$SelectedUser = $SelectionList | Out-GridView -Title 'Multiple users were found; please select one.' -OutputMode Single
		If (-not $SelectedUser) {
			"Operation canceled." | Write-Warning
			Return -1
		}
		$ADUser = $ADUser | Where-Object {$_.SamAccountName -eq $SelectedUser.SamAccountName}
	}
	Try {
		"Processing '$($ADUser.SamAccountName)' ($($ADUser.DisplayName)) ..." | Write-Host -ForegroundColor White -NoNewline
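		$ADUser.PwdLastSet = 0    # 0 flags the password as expired
		Set-ADUser -Instance $ADUser -ErrorAction Stop
		$ADUser.PwdLastSet = -1   # -1 sets pwdLastSet to the current time, restarting the password age
		Set-ADUser -Instance $ADUser -ErrorAction Stop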
		' OK.' | Write-Host -ForegroundColor Green
		Return 0
	} Catch {
		'' | Write-Host
		$_.Exception.Message | Write-Error
		Return 1
	}
}

Lennart Giaccotto, Administrator

Author

Commented:
Thank you for your answer oBdA. If I place this in a file and run it, nothing happens. No error or anything else.

**edit**

I see this is a function which in turn I have to call before it does anything(?)
Most Valuable Expert 2018
Distinguished Expert 2018
Commented:
Since you wanted to use this in a larger context, I put it into a function. You can just call it from anywhere outside the function:
Function Reset-ADUserPasswordAge() {
	# ... etc. from above
}
$Result = Reset-ADUserPasswordAge

Or just remove or comment the very first and the very last line (leaving lines 2-34, included, from above), so that you can call it directly as a script.
Lennart Giaccotto, Administrator

Author

Commented:
Thanks! This works just fine. I still can't get it working in the Show-Menu option but the script itself works great!
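
One way to wire the function into a Show-Menu loop, as an added example that is not part of the original thread or any poster's code. It assumes Reset-ADUserPasswordAge from the answer above is already defined in the same session; Show-Menu here is a hypothetical helper (it is not a built-in cmdlet) and the audit log path is a placeholder.

```powershell
# Added example. Assumes Reset-ADUserPasswordAge (from the answer above) is
# already defined, e.g. pasted above this code in the same .ps1 file.
# Show-Menu is a hypothetical helper, not a built-in cmdlet.
Function Show-Menu {
	Param([string]$Title = 'Helpdesk AD tools')
	Clear-Host
	"=== $Title ===" | Write-Host
	'1: Reset password age for a user' | Write-Host
	'Q: Quit' | Write-Host
}

# Placeholder audit log location; adjust to a path that suits your environment.
$AuditLog = Join-Path $env:TEMP 'Reset-PasswordAge-audit.csv'

Do {
	Show-Menu
	$Choice = Read-Host -Prompt 'Please make a selection'
	Switch ($Choice) {
		'1' {
			# The function returns -1 (canceled), 0 (success) or 1 (error).
			$Result = Reset-ADUserPasswordAge
			# Record who ran the reset and how it ended.
			[PSCustomObject]@{
				Time     = Get-Date -Format 'o'
				Operator = "$($env:USERDOMAIN)\$($env:USERNAME)"
				Result   = $Result
			} | Export-Csv -Path $AuditLog -Append -NoTypeInformation
			# Pause so the function's output stays visible before the menu clears.
			Read-Host -Prompt 'Press Enter to return to the menu' | Out-Null
		}
		'Q' { 'Bye.' | Write-Host }
		Default {
			"Unknown selection '$Choice'." | Write-Warning
			Start-Sleep -Seconds 1
		}
	}
} Until ($Choice -eq 'Q')
```

Because the function returns only a status code, this log records the operator and outcome but not the target account; returning the SamAccountName from the function would be needed to log that as well.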
