With PowerShell and Quest ActiveRoles it's quite easy to do a bulk reset of user passwords. All you need is a .csv file and a few lines of PowerShell.
First we will select the users from the AD which' user accounts we are going to reset. I used dsquery to query an OU and save the output to a .csv file.
dsquery user OU=Users,DC=CONTOSO,DC=COM -limit 1000 > users.csv
Note that the default limit is set on 100 records. Use the -limit parameter to bypass this output limit.
Open the .csv file in excel, insert a row above the data and name this column users.
Open the .csv file in excel, insert a row above the data and name this column users.
Now when we have a .csv file containing all user accounts we are going to reset, it's time to write some PowerShell code. Make sure you're using the ActiveRoles console for this.
Connect-QADService -Proxy
#Read CSV file with usernames
$users = Import-Csv "users.csv"
#New password
$password = "P@ssw0rd01"
foreach($entry in $users) {
$currentuser = $entry.users
Set-QADUser -Identity "$currentuser" -UserPassword $password -UserMustChangePassword $true
$users = Import-Csv "users.csv"
#New password
$password = "P@ssw0rd01"
foreach($entry in $users) {
$currentuser = $entry.users
Set-QADUser -Identity "$currentuser" -UserPassword $password -UserMustChangePassword $true
This script will change the password for every user and it will enforce the users the change their passwords when they login.
Get-Help Set-QADUser -full
1 comment:
You sir are a life saver. Works a treat and exactly what I needed.
Don't forget the close } on the loop though! :)
Post a Comment