Share via

PowerShell Password Reset

SourSnacks 101 Reputation points
2021-04-12T21:07:44.11+00:00

Trying to reset users passwords to a default that I'm using as a standard then force them to reset their password at next login. The users are scattered in AD within different OUs, but I was able to export a .csv with the users. The .csv that was exported has "Name", "Email", "Site", and "Position" fields. I'm not sure if the field information helps any.

Windows for business Windows Server User experience PowerShell
0 comments
Accepted answer
  1. Andreas Baumgarten 123.4K Reputation points MVP Volunteer Moderator
    2021-04-13T05:05:12.317+00:00

    @SourSnacks ,

    you need a file with the samAccountName of the users. The file with "Name", "Email", "Site", and "Position" fields doesn't work.

    Use the script on your own risk. Not tested by myself. 

    $users = Get-Content -Path "UserNameList.txt"  
foreach ($user in $users) {  
    # Set password  
    Set-ADAccountPassword -Identity $user -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)  
    # Set ChangePasswordAtLogon  
    Set-ADUser -Identity $user -ChangePasswordAtLogon $true  
    }

    The text file should contain only the username (samAccountName) of the users (one per row).
    For instance:

    Username1
    Username2
    Username3

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andreas Baumgarten 123.4K Reputation points MVP Volunteer Moderator
    2021-04-12T21:22:26.253+00:00

    Hi @SourSnacks ,

    the best would be to have the samAccountName of the user.
    With the samAccountName you can use these 2 PowerShell cmdlets to set the password of the user and the option to force the change of the password at next login: 

    # Set the password  
Set-ADAccountPassword -Identity TESTUSER -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)  

# Set ChangePasswordAtLogon  
Set-ADUser -Identity TESTUSER -ChangePasswordAtLogon $true

    https://learn.microsoft.com/en-us/powershell/module/activedirectory/set-adaccountpassword?view=windowsserver2019-ps
    https://learn.microsoft.com/en-us/powershell/module/activedirectory/set-aduser?view=windowsserver2019-ps

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

  2. Anonymous
    2021-04-13T07:09:46.307+00:00

    Hi,

    You should export SamAccountName or UserPrincipalName because Name is not unique in your domain. AD users in different OUs may have the same Name. If you have samAccountName in the csv file you can reset user passwords like below 

    $file = 'C:\temp\user.csv'  
$password = ConvertTo-SecureString -String "Password01!" -AsPlainText -Force  
Import-Csv -Path $path | ForEach-Object{  
    $samAccountName = $_.samAccountName  
    $user = Get-ADUser -Filter {samAccountName -eq $samAccountName}  
    if($user){  
        Set-ADAccountPassword -Identity $user -NewPassword $password -Reset  
        Set-ADuser -Identity $user -ChangePasswordAtLogon $true  
    }  
    else{  
        Write-Host "$samAccountName not found"  
    }      
}

    Best Regards,
    Ian Xue

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.