Create a Windows password reset tool in PowerShell


Creating the Windows password reset tool

Back in my early IT days, I was tasked with resetting Active Directory passwords or unlocking accounts whenever a user forgot their login. After resetting countless passwords over and over, I decided to make a small script that can do this for me automatically and provide user information. That is how this Windows password reset tool was born.

The Code

Write-Host "Password Reset and Unlock Tool`n" -ForegroundColor Yellow

# Needs the ActiveDirectory module from RSAT (see "How it works" below)
Import-Module ActiveDirectory -ErrorAction Stop

$User = Read-Host "Enter in a Username"
try {
    # Get-ADUser raises a terminating error for an unknown account, so the catch block runs
    Get-ADUser $User -Properties * |
        Select-Object Name, LockedOut, Enabled,
            @{n='Password Last Reset'; e={$_.PasswordLastSet}},
            @{n='Job Title'; e={$_.Description}},
            @{n='Email'; e={$_.EmailAddress}},
            TelephoneNumber, Office |
        Format-List
    $Name = (Get-ADUser $User -Properties Name).Name
}
catch {
    Write-Warning "$User is incorrect or does not exist.`nTry again"
    \\FileOfYourScript.ps1   # placeholder for the path of this script: start over
    return                   # do not continue this run with an unknown user
}

try {
    # Manager is stored as a distinguished name; resolve it to a user object first
    $Manager = (Get-ADUser (Get-ADUser $User -Properties Manager).Manager).SamAccountName
    Get-ADUser $Manager -Properties * |
        Select-Object @{n='Managers Name'; e={$_.Name}},
            @{n='Managers Email'; e={$_.EmailAddress}},
            @{n='Managers Number'; e={$_.TelephoneNumber}} |
        Format-List
}
catch {
    Write-Host "Manager info not set in AD" -ForegroundColor Yellow
}

$Correct = Read-Host "Is this the correct user? Y or N"
if ($Correct -eq 'y') {
    # -eq on strings is case-insensitive, so 'y' and 'Y' both match
    $Account = Get-ADUser $User -Properties LockedOut, Enabled
    if ($Account.LockedOut -eq $true -or $Account.Enabled -eq $false) {
        Write-Warning "Account for $Name appears to be locked"
        $Lockout = Read-Host "Would you like to unlock $Name ? Y or N"
        if ($Lockout -eq 'Y') {
            try {
                Enable-ADAccount $User
                Unlock-ADAccount $User
                Write-Host "Successfully unlocked account for $Name" -ForegroundColor Green
            }
            catch {
                Write-Warning "Unable to unlock account for $Name, Try again"
                \\FileOfYourScript.ps1   # placeholder for the path of this script: start over
            }
        }
        else {
            Write-Warning "Account unlock not selected"
        }
    }
    else {
        Write-Host "$Name's Account is not locked or disabled" -ForegroundColor Green
    }

    $Reset = Read-Host "Would you like to reset $Name's password? Y or N"
    if ($Reset -eq 'Y') {
        Write-Warning "Make sure to verify last 4 #s of Social"
        $Match = Read-Host "Do the last 4 digits of the Social match?"
        if ($Match -eq 'y') {
            try {
                $Password = ConvertTo-SecureString -AsPlainText "Password1" -Force  # temp password
                Write-Output "Resetting Password to Password1"
                Set-ADAccountPassword $User -NewPassword $Password -Reset  # sets the new password
                Set-ADUser $User -ChangePasswordAtLogon $true              # user must change it at next logon
                Write-Host "Password has been reset. $Name must change password at next login`n" -ForegroundColor Green
            }
            catch {
                Write-Warning "Unable to reset password maybe due to a permission issue`nReopening script..."
                Start-Sleep -Seconds 1
            }
        }
        else {
            Write-Warning "Password not reset"
        }
    }
    else {
        Write-Warning "Password not reset"
    }

    \\FileOfYourScript.ps1   # placeholder for the path of this script: start over
}
else {
    Write-Host "Reopening script..."
    \\FileOfYourScript.ps1   # placeholder for the path of this script: start over
}


How it works

The script checks AD for the entered SamAccountName. If nothing is found, the script restarts. Once a valid username is entered, it also checks whether AD has manager information for that user and displays it as well. The script then has you confirm that the user information is correct, after which it automatically unlocks the account and gives you the option to reset the password.

To be able to run the Get-ADUser cmdlet, install the Remote Server Administration Tools feature. First open a Windows PowerShell session with elevated privileges; you can do this by right-clicking the shortcut and selecting Run As Administrator.
Now use the following command to import the ServerManager module: Import-Module ServerManager
Once you have done this, you can install individual features by name using the Add-WindowsFeature cmdlet. To display a list of the command IDs for all of the roles and features available for installation, use this command: Get-WindowsFeature. You can then use the following command to install the Active Directory Module for Windows PowerShell and ADAC features: Add-WindowsFeature RSAT-AD-PowerShell,RSAT-AD-AdminCenter. The cmdlet automatically installs all of the dependent elements the two features require.
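As an added example (not part of the original post or its script), here is a version of the reset step that replaces the shared "Password1" temporary password with a random one-time password and writes an audit line recording who reset which account. It assumes the ActiveDirectory module is already loaded; the function names and the log path are my own choices, not anything from the original tool.

```powershell
# Added example, not from the original post: a reset step for the same tool that uses a
# random one-time password instead of a shared "Password1" and writes an audit line.
# Assumes the ActiveDirectory module is loaded; $LogPath and the function names are my own.

function New-TemporaryPassword {
    param([int]$Length = 14)
    # 64 symbols, so a random byte mod 64 picks each symbol with equal probability (no modulo bias)
    $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#'
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    -join ($bytes | ForEach-Object { $chars[$_ % 64] })
}

function Reset-UserPasswordWithAudit {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [switch]$CallerVerified,                          # set only after the identity check
        [string]$LogPath = 'C:\Logs\PasswordResets.log'   # assumed location, adjust as needed
    )
    if (-not $CallerVerified) {
        throw "Refusing to reset $SamAccountName before the caller's identity is verified"
    }
    $account = Get-ADUser $SamAccountName -Properties LockedOut
    $temp    = New-TemporaryPassword
    $secure  = ConvertTo-SecureString -AsPlainText $temp -Force

    Set-ADAccountPassword -Identity $account -NewPassword $secure -Reset
    Set-ADUser -Identity $account -ChangePasswordAtLogon $true   # one-time use only
    if ($account.LockedOut) { Unlock-ADAccount -Identity $account }

    # Audit line: when, which operator, which target. The password itself is never logged.
    $operator = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $entry = '{0} operator={1} target={2} action=password-reset' -f (Get-Date -Format o), $operator, $account.SamAccountName
    Add-Content -Path $LogPath -Value $entry

    $temp   # returned so the helpdesk can read the one-time password to the verified caller
}

# Usage from the tool above, after the "last 4 digits" check has passed:
# $OneTime = Reset-UserPasswordWithAudit -SamAccountName $User -CallerVerified
```

Because the one-time password is random and the account is flagged to change it at next logon, a leaked or guessed "Password1" no longer gives access to every recently reset account.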



Interested in learning PowerShell?

Check out “Windows PowerShell Cookbook: The Complete Guide to Scripting Microsoft’s Command Shell” if you’re interested in creating more PowerShell scripts for your environment. This introduction to the PowerShell language and scripting environment provides more than 400 task-oriented recipes to help you solve all kinds of problems. Intermediate to advanced system administrators will find more than 100 tried-and-tested scripts they can copy and use immediately. This comprehensive cookbook includes hands-on recipes for common tasks and administrative jobs that you can apply whether you’re on the client or server version of Windows. You also get quick references to technologies used in conjunction with PowerShell, including format specifiers and frequently referenced registry keys to selected .NET, COM, and WMI classes.


Download the script on github

