Using PowerShell to Reset Active Directory Passwords in Bulk

Home > Blogs > PowerShell > Using PowerShell to Reset Active Directory Passwords in Bulk

Using PowerShell to Reset Active Directory Passwords in Bulk

Like This Blog 7Rick Trader
Added by September 19, 2014

See our complete Course Schedule for upcoming training.

Classes are held in Phoenix, AZ and can be attended online from anywhere in the world with RemoteLive™.

Instructor: Rick Trader

 Video Transcription:


Video Transcription:

One of the issues you might run into after using a bulk import tool into your Active Directory database is all your User Accounts come into the database with no passwords.

As a result of them coming into the database with no passwords, they’re going to be Disabled Accounts. In this short blog, I will show you how to reset all your user passwords in a specific OU along with enabling those accounts using Windows PowerShell.

First, let me show you the objects. In the Active Directory users and computers, specifically in a container called Propulsion and I have 50 User Objects.

001-Resetting-Active-Directory-User-Passwords-using-PowerShell

These user objects were all imported using the CSVDE utility. They were a part of a comma delimited file. The file included items such as Distinguished Name, their Display Name, User Type, along with what Description they’re in and it also includes their Department.

Notice that every one of these objects are disabled? I’m going to use PowerShell to set each of these User Object Passwords or and also at the same time enable the account.

I could, if it was one or two accounts, right click on the account and choose reset password

002-Resetting-Active-Directory-User-Passwords-using-PowerShell

and put in the user password and then do the next user and the next user and the next user.

003-Resetting-Active-Directory-User-Passwords-using-PowerShell

After about an hour, hour and a half of resetting these 50 accounts, I’d be done.

One thing I do want you to notice is when I’m resetting the account there’s this notification called User must change password at next log on. I could either enable or disable that.

0035-Resetting-Active-Directory-User-Passwords-using-PowerShell

In this case, I’m going to leave it enabled with the PowerShell script.

But there is one of the attributes on one of the properties that we could set that would not require them to change their password. We’re going to put in a default password. Let’s go ahead and get started.

The first thing I’m going to do is launch my PowerShell prompt. If you’re using PowerShell v2, you’ll need to import the Active Directory module. If you’re using PowerShell v3 or v4, you will not have to import the module, but I’m going to go ahead and import it anyway.

You may also like:  Methods to Enable and Disable Remote Desktop Locally

004-Resetting-Active-Directory-User-Passwords-using-PowerShell

The Active Directory module will be imported. This also when I actually run the command here in a few seconds, you won’t actually see it load the Active Directory module behind the scenes.

005-Resetting-Active-Directory-User-Passwords-using-PowerShell

We’ve now loaded the Active Directory manifest. I’m going to go ahead and do a CD/, so I have more room to type.

006-Resetting-Active-Directory-User-Passwords-using-PowerShell

PowerShell cannot pass a cleartext password to Active Directory.

I’m going to go ahead and set a variable for my password. I’m going to use the dollar sign $ and I’m going to call a PWD for my password = I’ll have it read my host and then I’m going to have it entered as a Secure String.

007-Resetting-Active-Directory-User-Passwords-using-PowerShell

This way what’ll happen is it’ll convert my password that I’m going to type in to secure string. If I hit enter, it’s going to ask me for my password.

008-Resetting-Active-Directory-User-Passwords-using-PowerShell

I’ll have to type in a password that meets the complexity requirements of Active Directory. Now, if I just do a $pwd to bring up the variable, notice it says my variable is a SecureString.

009-Resetting-Active-Directory-User-Passwords-using-PowerShell

I’ll now be able to pass this into my Active Directory environment. I’m going clear the screen.

The next thing I want to do is I want to go get my AD-users. If I want to get a specific AD-user, I could get one account and I could type in here the account.

010-Resetting-Active-Directory-User-Passwords-using-PowerShell

I’m going to do a filter. I want to find all the User Accounts that are Disabled inside the OU because it came in as a disabled account. I don’t want to be resetting passwords for user objects that were already enabled. So I’ll set Enabled is equal to false.

011-Resetting-Active-Directory-User-Passwords-using-PowerShell

I also wanted to do a -SearchBase inside a specific OU. The OU will be Propulsion in a domain container USSHQ in the domain container local.

012-Resetting-Active-Directory-User-Passwords-using-PowerShell

All I’m going to do here is I’m just going to hit enter and have it bring me back the results.

I want to make sure these are the use. I’m going to go ahead and run it and notice it brings up all my user objects.

013-Resetting-Active-Directory-User-Passwords-using-PowerShell

Once it runs, I’m just going to go look and notice any one of the users. I have a user called Shaun Sparks. They’re not enabled. They’re user object and they are located in the proportion OU.

014-Resetting-Active-Directory-User-Passwords-using-PowerShell

These are the users I want to reset the password for.

You may also like:  How to Retrieve Operating System Information Using a Command Line

I always want to do this first. I want to make sure I’m resetting the appropriate User Object. I’m going to come in. I’m just going to up arrow once and now I’m going to pipe [ | ], so that as an object gets added in to the pipeline it’ll run the next command on here.

015-Resetting-Active-Directory-User-Passwords-using-PowerShell

The command I’m going to run is Set‑ADAcountPassword and I’ll do a TAB complete and it eventually will work around AD account password.

Then, space and I’m going to put in a ‑NewPassword as the attribute, space.

016-Resetting-Active-Directory-User-Passwords-using-PowerShell

My new password is dollar sign $PWD

017-Resetting-Active-Directory-User-Passwords-using-PowerShell

That is the variable I just set. Then I want to do a -reset, so it resets the actual password. Now I’m going to do a –PassThru so it passes the object through to Active Directory.

018-Resetting-Active-Directory-User-Passwords-using-PowerShell

At the same time, I want to enable the AD account. –enable‑adaccount, so that will enable the account.

019-Resetting-Active-Directory-User-Passwords-using-PowerShell

All this will be done at one time. Now, if I wanted to do something like set a password that never expires, I could set that attribute.

If I wanted to set it for the user didn’t have to change their password at logon, there’s attribute for change password at logon. I would set that to false. I simply do this. I hit enter and it’s going through and “no news is good news”.

I minimize PowerShell. I’ll come back into my Propulsion OU, and refresh the OU.

020-Resetting-Active-Directory-User-Passwords-using-PowerShell

Notice all of my User Accounts have just gone green. They’re all no longer disabled and all these User Accounts have been reset to a default password.

If I double-click on any account and I go and I look at the account profile, notice this check down here. The user doesn’t have to change their password, but they will because it was set that way when I reset the password.

021-Resetting-Active-Directory-User-Passwords-using-PowerShell

Using PowerShell, I can actually reset hundreds and even thousands of accounts in a manner of minutes, instead of right-clicking each user and changing the data individually.

 

Until next time, write safe…
Rick Trader

Windows Server Instructor – Interface Technical Training 

Phoenix, AZ

 

Videos You May Like

Agile Methodology in Project Management

0 57 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Creating Users and Managing Passwords in Microsoft Office 365

0 98 1

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.

Detailed Forensic Investigation of Malware Infections – April 21, 2015

2 192 1

In this IT Security training video, Security expert Mike Danseglio (CISSP / CEH) will perform several malware investigations including rootkits, botnets, viruses, and browser toolbars.

Write a Comment

See what people are saying...

  1. Bill Sentience

    Real helpful putting the script snippets in images rather than copy-pastable text.

  2. NickyAdam

    what is the script for having the user change password at next logon in powershell

  3. Rick Trader

    Nikhil – If you know the OU for the user / users you are wanting to reset the passwords on just modify the -Searchbase parameter to the desired OU path. If you are resetting users in multiple OUs I would recommend you reset the users in each OU separately.

    If they are all disabled accounts you could filter for those accounts that are disabled across multiply OUs, you have to ensure that the accounts you are wanting to reset are the only disabled accounts if you are using this method.

    Hope this helps.

    Rick

  4. Nikhil

    is it possible to reset password of user’s from different OU ??

  5. Suzette Ritchey

    Thanks so much. Great tutorial. I was sweating it! All fixed!

  6. Andrew

    Thanks for sharing. I also wrote an article that will compliment yours about the top Active Directory Powershell commands to use to manage your AD environment http://www.networkangel.net/top-8-active-directory-powershell-scripts

  7. Ryan

    Nicely described procedure! Thanks for sharing this. I also share a useful resource http://www.selfservicepasswordreset.net/ If anyone wants to avoid the difficulties involved in resetting password through PowerShell.

Share your thoughts...

Please fill out the comment form below to post a reply.