- #>
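function Reset-CSPassword
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory=$true,
                   ValueFromPipelineByPropertyName=$true,
                   Position=0)]
        $UserPrincipalName
    )

    # Resets the password of exactly one account, identified by its UPN, to a
    # random value and mails the new credentials to the account's Mail address.
    # NOTE(review): there is no process block, so when several objects are piped
    # in only the last one is handled - confirm whether that is intended.

    # Accept a single user@domain value only. A '*' is refused outright so that a
    # wildcard can never select (and reset) more than the one intended account.
    $UpnText = [string]$UserPrincipalName
    if ($UpnText -notmatch '^[^@*]+@[^@*]+$')
    {
        throw "UserPrincipalName '$UpnText' must be a single user@domain value without wildcards."
    }

    # $Domain[0] is the user part, $Domain[1] the domain part of the UPN.
    $Domain = $UpnText -split '@'

    # The default password policy of the domain named in the UPN supplies the
    # minimum length. NOTE(review): this assumes the UPN suffix is the DNS name
    # of the domain - confirm for environments with alternative UPN suffixes.
    $PasswordPolicy = Get-ADDefaultDomainPasswordPolicy -Identity $Domain[1] -ErrorAction Stop

    # Membership.GeneratePassword lives in System.Web, which is not loaded by
    # default; loading it again is harmless if it is already present.
    Add-Type -AssemblyName System.Web

    # Length is 1.5x the policy minimum, rounded up, with a floor of 12 (a
    # defensive default for domains whose policy minimum is 0 or very small) and
    # the API's upper limit of 128. The second argument is the minimum number of
    # NON-alphanumeric characters, not alphanumeric ones.
    # NOTE(review): GeneratePassword does not promise a character from every
    # category (upper/lower/digit), so a reset can still be rejected by the
    # domain's complexity rule.
    $PasswordLength = [int][Math]::Ceiling($PasswordPolicy.MinPasswordLength * 1.5)
    $PasswordLength = [Math]::Min([Math]::Max($PasswordLength, 12), 128)
    $RandomPassword = [System.Web.Security.Membership]::GeneratePassword($PasswordLength, 2)
    $NewPassword = ConvertTo-SecureString -String $RandomPassword -AsPlainText -Force

    # Locate a Global Catalog in the current forest; 3268 is the GC port.
    $ForestInfo = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $GlobalCatalog = $ForestInfo.FindGlobalCatalog()

    # Exact match (-eq) instead of -like: with -like, a UPN containing '*' would
    # match many accounts and every one of them would receive the same password.
    $FoundUsers = @(Get-ADUser -Filter { UserPrincipalName -eq $UpnText } -Properties UserPrincipalName,Mail -Server ($GlobalCatalog.Name + ":3268") -ErrorAction Stop)
    if ($FoundUsers.Count -ne 1)
    {
        throw "Expected exactly one account for '$UpnText' but found $($FoundUsers.Count); no password was changed."
    }
    $User = $FoundUsers[0]

    # Refuse to reset when there is nowhere to deliver the new password,
    # otherwise the account would be left with a password nobody knows.
    if ([string]::IsNullOrEmpty($User.Mail))
    {
        throw "Account '$UpnText' has no Mail attribute; no password was changed."
    }

    # -Reset performs an administrative reset; without it the cmdlet treats the
    # call as a password change and asks for the old password. -ErrorAction Stop
    # keeps the e-mail below from announcing a password that was never set.
    # NOTE(review): no -Server is given, so the write goes to the default domain
    # controller; an account in another domain of the forest may need one.
    Set-ADAccountPassword -Identity $User -Reset -NewPassword $NewPassword -ErrorAction Stop

    # NOTE(review): the new password travels and is stored in clear text in the
    # mailbox, which the user may be unable to open without the password being
    # reset. Consider an out-of-band channel and forcing a change at next logon
    # (Set-ADUser -ChangePasswordAtLogon $true).
    # $SmtpServer is not defined in this function; it is taken from the caller's scope.
    Send-MailMessage -From admin@somedomain.com -To $User.Mail -Subject "Your password has been reset in $($Domain[1])" -Body "
Per your request, your password has been reset. You may use the following credentials to login:
Username: $UserPrincipalName
Password: $RandomPassword
Please do not reply to this e-mail." -SmtpServer $SmtpServer
}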