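### Script to make Office 365 Users change password after on-premise AD account expiry ###

# Variables

# UPN of the account used to sign in to MSOnline. This account only needs to
# flag users for a password change, so give it the narrowest admin role that
# allows this rather than a Global Administrator.
$AdminName = "<UPN of Account w/ permissions to execute>"

# ConvertTo-SecureString without -Key or -AsPlainText expects an encrypted
# standard string, i.e. the output of ConvertFrom-SecureString. On Windows that
# string is protected with DPAPI, so only the same user on the same machine can
# decrypt it. Restrict the NTFS ACL on the file to that account anyway.
# -ErrorAction Stop aborts here if the file is missing or unreadable, instead of
# carrying on with an empty password.
$Pass = Get-Content -Path "<C:\LocationOfTxtFile>" -ErrorAction Stop | ConvertTo-SecureString

# NOTE(review): a stored username/password sign-in cannot satisfy an interactive
# MFA prompt, so this account is presumably exempt from MFA. Confirm that, and
# compensate with sign-in restrictions and monitoring on the account.
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AdminName, $Pass

# Distinguished names of the OUs whose users are examined (used as -SearchBase).
$ous = "<OU DN>","<OU DN>"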
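# Load pshell modules for AD and MSOL, verify loaded, then sign in to MSOnline
Function Mod_LoadNLogin_MSOL
{
    <#
    .SYNOPSIS
    Imports the ActiveDirectory and MSOnline modules and connects to MSOnline.

    .DESCRIPTION
    Each module is imported only if it is not already loaded. A failed import
    or sign-in is a terminating error, so the script never goes on to call
    Get-ADUser / Get-MsolUser without a module or an authenticated session.
    Reads the script-scope $cred variable for the MSOnline sign-in.

    .NOTES
    Microsoft has deprecated the MSOnline module in favour of Microsoft Graph
    PowerShell; plan a migration rather than building new automation on it.
    #>
    foreach ($moduleName in 'ActiveDirectory', 'MSOnline') {
        if (-not (Get-Module -Name $moduleName)) {
            # Stop instead of continuing silently when the module is not installed.
            Import-Module -Name $moduleName -ErrorAction Stop
        }
    }

    # Connect to MSOnline w/ credentials supplied in variables
    Connect-MsolService -Credential $cred -ErrorAction Stop
}

# The original paste defined the function but never invoked it, so no MSOnline
# session was ever opened by the script itself. Call it before any query runs.
Mod_LoadNLogin_MSOL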
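# Loop through OUs and populate $ADUser w/ AD user information
# Data Type = List of ADUser objects
#
# The filter selects enabled accounts whose pwdLastSet is 0. In AD that value
# means "user must change password at next logon" (or the password was never
# set). It is not the same as a password that has aged past the domain's
# maximum password age, so accounts that merely expired are NOT matched here.
$ADUser = foreach ($ou in $ous) {
    try {
        # -ErrorAction Stop turns a bad OU DN or an unreachable DC into a
        # catchable error instead of a silently missing set of users.
        Get-ADUser -Filter {(pwdlastset -eq "0") -and (enabled -eq $true)} -SearchBase $ou -ErrorAction Stop
    }
    catch {
        # Report and move on to the next OU; users in this OU are skipped.
        Write-Warning "AD query failed for search base '$ou': $($_.Exception.Message)"
    }
}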
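# Iterate through on-premise users, find if they're licensed and when last password change,
# then flag each licensed Office 365 user to change password at next sign-in.
#
# NOTE(review): for directories synced with Azure AD Connect, the
# ForcePasswordChangeOnLogOn sync feature covers the same need without a
# stored admin credential. Confirm whether it fits this environment.
ForEach ($i in $ADUser) {
    # AD accounts without a UPN cannot be matched to a cloud account.
    if ([string]::IsNullOrEmpty($i.UserPrincipalName)) {
        continue
    }

    try {
        # IsLicensed is a boolean; test it directly rather than comparing it
        # with the string "TRUE". PasswordAge is informational only.
        $MSOLUser = Get-MsolUser -UserPrincipalName $i.UserPrincipalName -ErrorAction Stop |
            Select-Object UserPrincipalName, isLicensed, LastPasswordChangeTimeStamp, @{Name="PasswordAge";Expression={(Get-Date)-$_.LastPasswordChangeTimeStamp}} |
            Where-Object { $_.isLicensed }
    }
    catch {
        # No matching cloud user, or the lookup failed: report and skip.
        Write-Warning "Get-MsolUser failed for '$($i.UserPrincipalName)': $($_.Exception.Message)"
        continue
    }

    # Unlicensed users are filtered out above and leave $MSOLUser empty.
    if (($null -eq $MSOLUser) -or [string]::IsNullOrEmpty($MSOLUser.UserPrincipalName)) {
        continue
    }

    Write-Host "we're going to do something with" $MSOLUser.UserPrincipalName

    ##### set O365 user to change pwd on next login
    # -ForceChangePasswordOnly leaves the current password in place and only
    # sets the must-change flag; no new password is generated or printed.
    try {
        Set-MsolUserPassword -UserPrincipalName $MSOLUser.UserPrincipalName -ForceChangePasswordOnly $true -ForceChangePassword $true -ErrorAction Stop
    }
    catch {
        # Surface the failure so an unflagged account does not go unnoticed.
        Write-Warning "Could not force password change for '$($MSOLUser.UserPrincipalName)': $($_.Exception.Message)"
    }
}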