Resetting passwords is a day-to-day task of the helpdesk or IT team, and it also plays a crucial role in IT security. Here I have written a script which can be used to reset a password and unlock the account. The main point of this script is that the helpdesk/IT team resets the password but never learns it: every time they run the script, it generates a unique password, which is sent to the AD account owner's manager or team leader over email. It uses my earlier written script to generate a unique random password.
This is the primer on how to run the PowerShell ps1 script. Copy the script content into Notepad and save it in the c:\temp location (you can use your own location), then rename the extension to ps1.
You will need to make a small, one-time modification to the script: fill in the "from" email ID (managers will receive email from this address) and the "SmtpServer" (email server) information.
Once everything is in place, open Command Prompt (cmd) and run it as administrator. The command below opens PowerShell from within the command prompt and executes the script file. The execution policy is set to Unrestricted for this process only (it does not change the machine-wide policy), so the script is allowed to run.
Powershell -NoProfile -ExecutionPolicy Unrestricted -File c:\temp\Reset-Account.ps1
The ActiveDirectory module is imported into PowerShell. Type a valid SAM account name. If you just hit Enter or type a wrong name, it will prompt you again and will not exit until you provide a valid name, because it verifies with AD whether the account exists. Next it asks where the email containing the password should go. Now ask the TL to check their email.
I hope this is informative and will help someone implement a more secure AD password reset process.
#####################################
## http://kunaludapi.blogspot.com
## Version: 1
## Tested this script successfully on
## 1) Powershell v3
## 2) Windows 2012
##
#####################################
Begin {
    Clear-Host

    # Load the ActiveDirectory module if it is not already loaded.
    # (Import-Module returns nothing, so testing its result with -not was
    # always true; Get-Module is the right check.)
    if (-not (Get-Module -Name ActiveDirectory)) {
        Import-Module ActiveDirectory -ErrorAction Stop
    }

    # Generate a random password of $Length characters.
    # Uses Get-Random, which is not a cryptographic RNG (see the note below the script).
    function Generate-Password {
        param ([int]$Length = 9)
        # single quotes so '$' and the other symbols are taken literally
        $alphabet = 'abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()'
        $chars = $alphabet.ToCharArray()
        # -join the picked characters; "+=" on [char] values adds their
        # numeric codes instead of concatenating them
        $picked = for ($i = 1; $i -le $Length; $i++) { Get-Random -InputObject $chars }
        -join $picked
    }

    # Get the AD user account and validate it; loop until an existing account is typed.
    do {
        $SamAccountName = Read-Host "`nReset Password For AD Account"
        if ($SamAccountName -eq "") {
            Clear-Host
            Write-Host -Object "`nPlease type AccountName`n" -BackgroundColor Red
            continue
        }
        # -Filter with a script block passes the typed name as a value, so
        # characters such as '*' or ')' cannot alter the LDAP query.
        $AccountToReset = Get-ADUser -Filter { SamAccountName -eq $SamAccountName }
        if (-not $AccountToReset) {
            Clear-Host
            Write-Host -Object "`nTyped Account Name doesn't exist, Please try again`n" -BackgroundColor Red
        }
    }
    while (-not $AccountToReset)
    Write-Host "`nAccount has been verified and it exists`n" -ForegroundColor Green

    $To = Read-Host "`nTL or Manager you want to send password to [Manager@example.com]"
    if ($To -eq "") { $To = "Manager@example.com" }

    # One-time information: fill in your own sender address and mail server.
    $From = "donotreply@example.com"
    $Subject = "Password reset request for user $SamAccountName"
    $SmtpServer = "mail.example.com"
    $Port = 25
}
Process {
    # Reset the password and unlock the account
    $PlainText = Generate-Password
    $Password = ConvertTo-SecureString -AsPlainText $PlainText -Force
    $AccountToReset | Set-ADAccountPassword -Reset -NewPassword $Password
    $AccountToReset | Unlock-ADAccount
    Write-Warning "Password reset and account unlocked"

    # Send the new password to the manager / TL
    $Body = "$SamAccountName requested a new password and it is $PlainText"
    Send-MailMessage -To $To -From $From -Subject $Subject -Body $Body -SmtpServer $SmtpServer -Port $Port
    Write-Host "Information emailed to Manager or TL" -ForegroundColor Cyan
}
End {
    # Write-Host "New password is $PlainText"
    Pause
}
I am aware of System.Security.Cryptography.RNGCryptoServiceProvider for solid randomness, but wanted to build this script as an example only. Also, compiling this script to an exe will help to secure it more. You can use this script and some more variations of it; for example, instead of sending an email, the password can be sent to the user over SMS (for this, the user account properties should have the required information).
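The script above draws its characters with Get-Random, and the paragraph above names RNGCryptoServiceProvider as the stronger source. As an added example (not part of the original post), here is a replacement password generator built on that class; the function name New-CryptoRandomPassword, the default length of 16 and the character classes are my choices.

```powershell
# Added example: drop-in replacement for Generate-Password that uses the
# CryptoServiceProvider RNG. Name, default length and classes are my choices.
function New-CryptoRandomPassword {
    param ([ValidateRange(12, 128)] [int]$Length = 16)

    # One character from each class is guaranteed, which is what a default
    # AD password complexity policy checks for.
    $classes = @(
        'abcdefghijklmnopqrstuvwxyz',
        'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        '0123456789',
        '!@#$%^&*()-_=+'
    )
    $all = -join $classes
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    try {
        # Uniform index in [0, $Max): draw 32 random bits and reject draws at
        # or above the largest multiple of $Max, so "% $Max" introduces no bias.
        function Get-RandomIndex ([int]$Max) {
            $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$Max)
            $buf = New-Object byte[] 4
            do {
                $rng.GetBytes($buf)
                $value = [BitConverter]::ToUInt32($buf, 0)
            } while ($value -ge $limit)
            return [int]($value % $Max)
        }

        $chars = New-Object System.Collections.Generic.List[char]
        foreach ($class in $classes) {
            $chars.Add($class[(Get-RandomIndex $class.Length)])
        }
        while ($chars.Count -lt $Length) {
            $chars.Add($all[(Get-RandomIndex $all.Length)])
        }
        # Fisher-Yates shuffle so the class-guaranteed characters do not
        # always sit in the first four positions.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = Get-RandomIndex ($i + 1)
            $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
        }
        return -join $chars
    }
    finally {
        $rng.Dispose()
    }
}

# In the script above: $PlainText = New-CryptoRandomPassword -Length 16
```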