Scenario:
There is a CSV file storing user passwords with four columns: lastName, firstName, username, and Password. Such a file is normally kept for accounts whose passwords are not expected to change, like students in lower grades. When a password is changed anyway (or forgotten), the user has to request a reset. Normally the sysadmin needs either the first and last name or the username, looks the password up in the CSV file, and then resets it in Active Directory. Because the file holds passwords in plain text, the folder it lives in must be readable only by the sysadmins who run the script.
Goal:
To use a powershell script to streamline the whole process without having to open AD and the CSV file.
Method:
Step 1: Create a folder named Password Reset, move the CSV file named Passwords.csv into the folder, and create a PS1 file in the same folder.
Step 2: Write the PowerShell script:
# Import the Active Directory module
Import-Module ActiveDirectory
# Locate the CSV file by defining a variable named csvPath: join the folder the script lives in ($PSScriptRoot) with the child path "Passwords.csv".
$csvPath = Join-Path -Path $PSScriptRoot -ChildPath "Passwords.csv"
# Import the CSV file into a variable named $users
$users = Import-Csv -Path $csvPath
# When the script starts, ask for input with Read-Host and let the user choose either Username or First + Last Name
$selection = Read-Host "Do you want to reset the password by (1) Username or (2) First + Last Name? Please enter 1 or 2"
# If the user selects method 1: username
if ($selection -eq "1") {
# Ask for the username with Read-Host
$username = Read-Host "Username"
# Find the matching row by comparing the input with the username column. This searches the imported CSV data for a user with the specified username.
$user = $users | Where-Object { $_.username -eq $username }
# If a user was found. $null goes on the left of -ne so the test is also correct when more than one row matches (Where-Object then returns an array, and "$user -ne $null" would filter the array instead of testing it).
if ($null -ne $user) {
# Try the following commands
try {
# Use Set-ADAccountPassword to reset the password: the identity is the username from the CSV, -Reset sets the new password without needing the old one, and ConvertTo-SecureString turns the plain-text password from the CSV into the secure string the cmdlet expects (-Force acknowledges that the password is supplied as plain text). -ErrorAction Stop makes any error terminating so the catch block below actually runs.
Set-ADAccountPassword -Identity $user.username -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $user.Password -Force) -ErrorAction Stop
# Define a message saying that the password has been reset for the selected user
$message = "Password reset for $($user.username): $($user.Password)"
# Display the message
Write-Host $message
# Copy the message to the clipboard in case you need to send it to the requester
$message | Set-Clipboard
# Use catch in case an error occurs. $_ holds the error that was thrown.
} catch {
Write-Host "Error resetting password: $_"
}
} else {
# Otherwise, the user is not found
Write-Host "User not found"
}
# If the user selects method 2: first name and last name
} elseif ($selection -eq "2") {
# Ask for the first name and last name
$firstName = Read-Host "First name"
$lastName = Read-Host "Last name"
# Search the CSV data for a row whose firstName and lastName both match
$user = $users | Where-Object { $_.firstName -eq $firstName -and $_.lastName -eq $lastName }
# If such a user exists (same $null-on-the-left comparison as above; if two rows share a name, $user.username becomes an array, Set-ADAccountPassword rejects it, and the catch block reports the error)
if ($null -ne $user) {
try {
# Same reset as in method 1: identity from the CSV username, new password converted to a secure string, -ErrorAction Stop so the catch block runs on failure
Set-ADAccountPassword -Identity $user.username -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $user.Password -Force) -ErrorAction Stop
# Define a message saying that the password has been reset for the selected user
$message = "Password reset for $($user.username): $($user.Password)"
# Display the message
Write-Host $message
# Copy the message to the clipboard in case you need to send it to the requester
$message | Set-Clipboard
} catch {
Write-Host "Error resetting password: $_"
}
} else {
Write-Host "User not found"
}
} else {
# If the user did not type 1 or 2, report that the selection is invalid
Write-Host "Invalid selection. Please restart the script and select either 1 or 2."
}
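The same lookup-and-reset flow as an added example, not the original script: the two branches are folded into a pair of functions, and the cases the one-off script does not handle are covered, namely two CSV rows sharing a first and last name, a row with an empty Password column, and the non-terminating AD error that a bare try/catch would miss. The sample rows, the function names Find-CsvUser and Reset-CsvUserPassword, and the -DryRun switch are all assumptions made for this example; the -DryRun switch skips the Active Directory call so the flow can be exercised on a machine without the AD module.

```powershell
# Added example, not the page's original script. Constructed sample rows
# standing in for Passwords.csv (same four columns as the real file).
$sampleCsv = @'
lastName,firstName,username,Password
Smith,Ann,asmith,Spring-2024!
Smith,Ann,asmith2,Autumn-2024!
Lee,Bo,blee,Winter-2024!
Park,Cy,cpark,
'@
$users = $sampleCsv | ConvertFrom-Csv

function Find-CsvUser {
    # Returns every CSV row matching either a username or a first + last name.
    # Wrapping in @() guarantees an array, so the caller can count matches
    # even when zero or one row comes back.
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [string] $Username,
        [string] $FirstName,
        [string] $LastName
    )
    if ($Username) {
        return @($Rows | Where-Object { $_.username -eq $Username })
    }
    return @($Rows | Where-Object {
        $_.firstName -eq $FirstName -and $_.lastName -eq $LastName
    })
}

function Reset-CsvUserPassword {
    # Resets the AD password for exactly one CSV row. Returns $true on success.
    param(
        [AllowEmptyCollection()] [object[]] $Candidates,
        [switch] $DryRun
    )
    if ($Candidates.Count -eq 0) {
        Write-Host "User not found"
        return $false
    }
    if ($Candidates.Count -gt 1) {
        # Two students with the same name: never guess, list the usernames and stop.
        Write-Host "Ambiguous: $($Candidates.Count) rows match. Retry with a username:"
        $Candidates | ForEach-Object { Write-Host "  $($_.username)" }
        return $false
    }
    $user = $Candidates[0]
    if ([string]::IsNullOrWhiteSpace($user.Password)) {
        # An empty Password cell would otherwise make ConvertTo-SecureString fail.
        Write-Host "Row for $($user.username) has no password; fix the CSV first."
        return $false
    }
    try {
        if (-not $DryRun) {
            Import-Module ActiveDirectory -ErrorAction Stop
            $secure = ConvertTo-SecureString -AsPlainText $user.Password -Force
            # -ErrorAction Stop turns any AD error into a terminating one so the
            # catch block below runs instead of the script carrying on.
            Set-ADAccountPassword -Identity $user.username -Reset -NewPassword $secure -ErrorAction Stop
        }
        $message = "Password reset for $($user.username): $($user.Password)"
        Write-Host $message
        $message | Set-Clipboard
        return $true
    } catch {
        Write-Host "Error resetting password: $_"
        return $false
    }
}

function Invoke-PasswordResetPrompt {
    # Interactive wrapper with the same 1 / 2 menu as the original script.
    param([object[]] $Rows, [switch] $DryRun)
    $selection = Read-Host "Reset by (1) Username or (2) First + Last Name? Enter 1 or 2"
    switch ($selection) {
        "1" { $found = Find-CsvUser -Rows $Rows -Username (Read-Host "Username") }
        "2" { $found = Find-CsvUser -Rows $Rows -FirstName (Read-Host "First name") -LastName (Read-Host "Last name") }
        default { Write-Host "Invalid selection. Please restart the script and select either 1 or 2."; return $false }
    }
    return (Reset-CsvUserPassword -Candidates $found -DryRun:$DryRun)
}

# Demo runs against the constructed rows (DryRun, so nothing touches AD):
Reset-CsvUserPassword -Candidates (Find-CsvUser -Rows $users -Username 'blee') -DryRun                  # succeeds
Reset-CsvUserPassword -Candidates (Find-CsvUser -Rows $users -FirstName 'Ann' -LastName 'Smith') -DryRun # ambiguous, lists asmith and asmith2
Reset-CsvUserPassword -Candidates (Find-CsvUser -Rows $users -Username 'cpark') -DryRun                 # empty password, refused
Reset-CsvUserPassword -Candidates (Find-CsvUser -Rows $users -Username 'nobody') -DryRun                # user not found
```

In production, replace the $sampleCsv block with Import-Csv on the real Passwords.csv and drop -DryRun. The ambiguity check is the part that matters most for the name-based path: in the original script two rows with the same name turn $user.username into an array, which Set-ADAccountPassword rejects, so the reset fails with a confusing error instead of a clear prompt to retry by username.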