Friday, June 12, 2015

One script to unlock AD User

The need to fill

Give the IT technician a shortcut to unlock a user, change his password and, if wanted, force the user to change it at the next logon: a one-shot operation that does all of this as quickly and easily as possible.

The Solution

Part 1 - The Script (Reset-User.ps1)

 <#
   Script to unlock an account, reset the password and force a password change at logon.
   You can unlock an account, decide whether or not to reset its password,
   and whether or not the user must change the password at the next logon.
   To use the script, the ActiveDirectory module must be loaded in your PowerShell session.
   Version 1.1
   Script by Jeremie Lauzier - Network Administrator, 2015-06-12
 #>
 # Load the ActiveDirectory module that provides the AD cmdlets used below.
 Import-Module ActiveDirectory
 # Ask the technician what to do.
 $username = Read-Host "Username to unlock"
 $setnewpassw = Read-Host "Set a new password (Y/N)"
 $changenextlogon = Read-Host "Change password at next logon (Y/N)"
 # Unlock the account.
 Unlock-ADAccount -Identity $username
 # Reset the password only if requested; the new password is read as a SecureString.
 if ($setnewpassw -eq "Y")
 {
   $newPassword = (Read-Host -Prompt "Provide a new password" -AsSecureString)
   Set-ADAccountPassword -Identity $username -NewPassword $newPassword -Reset
 }
 # Set or clear the "must change password at next logon" flag.
 if ($changenextlogon -eq "Y")
 {
   Set-ADUser $username -ChangePasswordAtLogon $true
 }
 else
 {
   Set-ADUser $username -ChangePasswordAtLogon $false
 }
 # Give AD 1 second to refresh so the output shows the updated information.
 Start-Sleep -s 1
 # Get the result
 Get-ADUser $username -Properties * | Format-Table Name, LockedOut, @{n='pwdLastSet';e={[DateTime]::FromFileTime($_.pwdLastSet)}}, PasswordExpired
 pause
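
A parameterized variant of the script above, added here as an example and not the author's code: it confirms the account exists before changing anything, stops at the first failed step, and leaves the change-at-logon flag alone when the account has PasswordNeverExpires set. The function name `Reset-LockedUser`, its parameter names and the sample account `jdoe` are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example; Reset-LockedUser and its parameters are hypothetical names.
function Reset-LockedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Identity,
        [securestring]$NewPassword,        # omit to keep the current password
        [switch]$ChangePasswordAtLogon
    )
    # Resolve the account first; a mistyped name stops here, before any change.
    try {
        $user = Get-ADUser -Identity $Identity -Properties LockedOut, PasswordNeverExpires -ErrorAction Stop
    }
    catch {
        Write-Error "Account '$Identity' not found or not readable: $($_.Exception.Message)"
        return
    }
    # -WhatIf previews the change; -Confirm asks before making it.
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, 'Unlock and update password settings')) {
        try {
            if ($user.LockedOut) {
                Unlock-ADAccount -Identity $user -ErrorAction Stop
            }
            if ($PSBoundParameters.ContainsKey('NewPassword')) {
                Set-ADAccountPassword -Identity $user -NewPassword $NewPassword -Reset -ErrorAction Stop
            }
            # Set-ADUser rejects ChangePasswordAtLogon $true when PasswordNeverExpires is set.
            if ($ChangePasswordAtLogon -and $user.PasswordNeverExpires) {
                Write-Warning "$($user.SamAccountName) has PasswordNeverExpires set; flag not changed."
            }
            else {
                Set-ADUser -Identity $user -ChangePasswordAtLogon $ChangePasswordAtLogon.IsPresent -ErrorAction Stop
            }
        }
        catch {
            Write-Error "Stopped on $($user.SamAccountName): $($_.Exception.Message)"
            return
        }
    }
    # Report the resulting state with the same columns as the original script.
    Get-ADUser -Identity $user -Properties LockedOut, pwdLastSet, PasswordExpired |
        Select-Object Name, LockedOut, PasswordExpired,
            @{ n = 'pwdLastSet'; e = { [DateTime]::FromFileTime($_.pwdLastSet) } }
}
# Constructed usage (jdoe is a sample account name):
# Reset-LockedUser -Identity jdoe -NewPassword (Read-Host 'New password' -AsSecureString) -ChangePasswordAtLogon
```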

Part 2 - The Shortcut

Create a shortcut in a place accessible to your technician, such as the Desktop, and use this as its target:

 %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File C:\Users\USERNAME\Documents\WindowsPowerShell\Scripts\Reset-User.ps1  

The Result

[Screenshot: the result of the script Reset-User.ps1 run from a shortcut.]

Don't forget

  1. You need to be logged in as a user who has the necessary rights.
  2. You need to have set an appropriate Execution Policy.

If you have any comments, please feel free to leave them, and thanks for reading.
J.
