Bulk password resetting

In an effort to simplify bulk password resets. With a provided CSV of usernames with a “User” heading the below should easily reset their passwords in bulk and force them to pick a new password the next time they log onto a computer.

Import-Module ActiveDirectory
$User = Import-CSV "MyUsers.csv"
#Reset their password to a known common password
$User | Foreach {Get-ADUser -Identity $_.User | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Some_Random_Password_12345" –Force)}
#Force changing of the password at next login
$User | Foreach {Get-ADUser -Identity $_.User | Set-ADUser -Enable $True -ChangePasswordAtLogon $True}
, ,
September 27, 2012 at 3:35 pm Comments (0)

Active Directory account and computer restoration

Active Directory has changed forest functional levels every few years with each iteration adding new features. One of the new features with the 2008 R2 functional level (if enabled) is the Active Directory Recycle Bin. This functionality was available before with the use of LDP and ADSI Edit however the process for restoring accounts has gotten much easier.

Import-Module ActiveDirectory
Get-ADObject -filter {SamAccountName -eq "mydeleteduser"} | Restore-ADObject

Compared to the multiple steps before this is pretty simple.

Now lets attempt to restore a previously deleted computer. First step, get the GUID value

Import-Module ActiveDirectory
Get-ADObject -Filter {(isdeleted -eq $true)-and (Name -like "My_Desktop*")} -IncludeDeletedObjects

Now lets restore the computers

Get-ADObject -Filter {(isdeleted -eq $true) -and (ObjectGUID -eq "Whatever my GUID Value is")} -IncludeDeletedObjects  | Restore-ADObject -TargetPath "CN=Computers,DC=liquidobject,DC=com"

Now the computer has been stored to the built-in computers OU.

, ,
April 16, 2012 at 10:06 am Comments (0)