Reset and manage your Active Directory users' Passwords
Active Directory is one of the most esential and important tool in any company whether small or big. In most cases big companies have uncountable amount of tools to maintain and protect users and their credentials however almost most of those companies are not prepared to the time when their systems have been compromised or to say the least their servers have been hacked or encrypted by ransomware which is something we hear very often nowadays like the case with Louisiana Hospital that was attacked by Ransomware exposing the data of 270000 patients.
What if your users passwords were compromised and you’re not sure who is still safe or not but you need to act as fast as possible?
To act fast, I created a script that would generate a complex 32 Char long password with 4 different Non Alphanumeric Characters using the System.Web.Security.Membership class. here’s an example of this password:
The script details
The script will first check if you have the Powershell Get and ImportExcel Module installed, if not it’ll ask you to install it or not.
You will need to amend few things
1- The path to reflect where you want to save the Logs, CSV and Excel sheet. as of now it’s in c:\SyncReports.
2- Importing users, In the script I am grabbing users directly from a specific OU in AD. so you’ll need to decide how you want to do it. I have added another line in case you’re planning to
3- The password reset command is setup with -whatif parameter for you to test this before you run it. so just remember to remove it when you’re done with the changing and testing.
I have added mailbody and send-message command to send the excel as an attachment along with the excel password protection.
Running the script will result in the following
Once you get the Excel sheet and try to open it, you will realize that it’s password protected. The password should be in the email body that’s sent in the script.
Excel sheet result will be looking as follows: