powershell AD密码重置脚本
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了powershell AD密码重置脚本相关的知识,希望对你有一定的参考价值。
#####################################
## http://kunaludapi.blogspot.com
## Version: 1.2
## Tested this script successfully on
## 1) Powershell v3
## 2) Windows 2012
## 3) Email support
##
#####################################
[CmdletBinding()]
Param()
Begin {
Clear-Host
$DebugPreference = "SilentlyContinue"
$VerbosePreference = "SilentlyContinue"
#Check for Active Directory module
if (-not (Import-Module activedirectory)) {
Import-Module activedirectory
}
if ($PSCmdlet.MyInvocation.BoundParameters["Debug"].IsPresent)
{
$DebugPreference = "Continue"
}
if ($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent)
{
$VerbosePreference = "Continue"
}
#Generate Random Password
function Generate-Password {
$alphabets = "abcdefghijklmnopqstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*()"
$char = for ($i = 0; $i -lt $alphabets.length; $i++) { $alphabets[$i] }
for ($i = 1; $i -le 9; $i++)
{
$CharArray += Write-Output $(get-random $char)
if ($i -eq 9) {} #write-output `n
}
$CharArray
}
#Get AD user account and validate it
do {
$SamAccountName = Read-Host "`nReset Password For AD Account"
if ($SamAccountName -eq "") {
Clear-Host
Write-Host -Object "`nPlease type user logon name`n" -BackgroundColor Red
continue
}
elseif ($(Get-ADUser -LDAPFilter "(sAMAccountName=$SamAccountName)" -searchbase "{SEARCHBASE}").SamAccountName -eq $SamAccountName) {
$AccountToReset = Get-ADUser -Properties givenName, Surname, EmailAddress -LDAPFilter "(sAMAccountName=$SamAccountName)" -searchbase "{SEARCHBASE}"
break
}
else {
Clear-Host
Write-Host -Object "`nTyped Account Name doesn't exists, Please try again`n" -BackgroundColor Red
$Everything_is_fine = $false
}
}
while ($SamAccountName -eq "" -or $Everything_is_fine -eq $false)
}
Process {
$title = "Reset Password"
$message = "Are you sure you want to reset the password?"
$0 = New-Object System.Management.Automation.Host.ChoiceDescription "Choice &0", "Send password reset email"
$1 = New-Object System.Management.Automation.Host.ChoiceDescription "Choice &1", "Reset password"
$2 = New-Object System.Management.Automation.Host.ChoiceDescription "Choice &2", "Cancel"
$options = [System.Management.Automation.Host.ChoiceDescription[]]($0, $1, $2)
$result = $host.ui.PromptForChoice($title, $message, $options, 0)
if ($result -eq 2)
{
Exit
}
#Reset password and unlock it
$PlainText = Generate-Password
$Password = ConvertTo-SecureString -AsPlainText $PlainText -Force
$AccountToReset | Set-ADAccountPassword -Reset -NewPassword $Password
#$AccountToReset | Unlock-ADAccount
Write-Verbose "Password resetted to $PlainText"
#One Time Information fillup
if ($result -eq 0)
{
$msg = New-Object System.Net.Mail.MailMessage
$msg.From = "{email_address}"
$msg.To.Add($($AccountToReset.EmailAddress))
$msg.Subject = "Password Reset Request for $($AccountToReset.givenName) $($AccountToReset.Surname)"
$msg.Body = "New password is $PlainText"
$client = New-Object System.Net.Mail.SmtpClient("", "")
$client.UseDefaultCredentials = $false
$client.Credentials = New-Object System.Net.NetworkCredential("{id}", "{password}")
$client.Port = 587
$client.Host = "email-smtp.eu-west-1.amazonaws.com"
#$client.Host = "email-smtp.us-east-1.amazonaws.com"
$client.EnableSSL = $true
#Send Email
$client.Send($msg)
Write-Verbose "Password Reset Email Sent"
}
}
End {
Pause
}
以上是关于powershell AD密码重置脚本的主要内容,如果未能解决你的问题,请参考以下文章
powershell [AD - 创建/编辑AD用户]通过powershell创建/编辑AD用户,使用纯文本密码#Windows #Powershell #ActiveDirectory