Basic AD Admin Console

This topic contains 2 replies, has 2 voices, and was last updated by DukeSilver 2 months ago.

  • #69057
    Adam
    Participant

    Hello!
    To start off, I have 0 PowerShell experience. In fact, I don't have much programming experience in general. That being said, here's what I'm looking for:

    The basic idea is to be able to unlock or reset passwords for an entire OU at once. The commands themselves to unlock, enable, and password reset work, as I already use these now. However, I'm trying to build them into a simple admin console. Here's what I put together over the past hour with a little googling...

    Import-Module activedirectory

    cd /

    $loop = 0
    while ($loop eq 0)
    {
    $action = Read-Host -Prompt 'Choose an option:
    1-Unlock Accounts
    2-Enable Accounts
    3-Reset Passwords'

    if ($action eq '1')
    {
    $ou = read-host -Prompt 'Enter OU Name'
    get-aduser -filter 'name -like "*"' -searchbase "ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com" | Unlock-ADAccount
    }

    if ($action eq '2')
    {
    $ou = read-host -Prompt 'Enter OU Name'
    get-aduser -filter 'name -like "*"' -searchbase "ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com" | Enable-ADAccount
    }

    if ($action eq '3')
    {
    $ou = read-host -Prompt 'Enter OU Name'
    $pwd = Read-Host "Enter desired password:" -AsSecureString
    $change = read-host "Force password change at logon? [y] [n]}
    if ($change eq 'y')
    {get-aduser -filter 'name -like "*"' -searchbase "ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com" | Set-ADAccountPassword NewPassword $pwd -Reset -PassThru -change passwordatnextlogon $true Unlock-ADAccount}
    if ($change eq 'n')
    {get-aduser -filter 'name -like "*"' -searchbase "ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com" | Set-ADAccountPassword NewPassword $pwd -Reset -PassThru Unlock-ADAccount}
    Cls
    }

    Upon completion, I would like it to just start over with the choose an option prompt.

    I know this script is butchered to hell and probably extremely inefficient, if at all correct. Partially attempting this just to learn. Any help is greatly appreciated!

    _Adam

  • #69066
    DukeSilver
    Participant

    Since I don't see where you set your variable $loop to anything but 0, the While loop you have should continue to loop until $loop is set to something other than 0. Does it loop continuously for you?

  • #69072
    DukeSilver
    Participant

    You'll want to put a - in front of your eq operator, otherwise it'll complain about that, example:

    if ($action -eq '1')

    Error handling, what if a user accidentally enters anything other than 1, 2, or 3? Right now, the script won't do anything other than a clear screen, and just continuously loop. What if I selected Option 3 and hit anything other than a 'y' or 'n'? Just a few things to think about on handling a mis-type.

    You'll want to have some sort of exit from the loop, by changing $loop to something other than 0. Maybe 'E-Exit' and have a corresponding IF statement to handle the exit...?

    I would suggest moving the

    if ($change -eq 'y')

    and

    if ($change -eq 'n')

    under the If for Option 3, something like:

    	if ($action -eq '3')
    	{
    		$ou = read-host -Prompt 'Enter OU Name'
    		$pwd = Read-Host "Enter desired password:" -AsSecureString
    		$change = read-host "Force password change at logon? [y] [n]"
    
    		if ($change -eq 'y')
    		{
    			# Set-ADAccountPassword has no change-at-logon parameter; Set-ADUser -ChangePasswordAtLogon sets that flag
    			get-aduser -filter 'name -like "*"' -searchbase "ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com" | Set-ADAccountPassword -NewPassword $pwd -Reset -PassThru | Set-ADUser -ChangePasswordAtLogon $true -PassThru | Unlock-ADAccount
    		}
    		if ($change -eq 'n')
    		{
    			get-aduser -filter 'name -like "*"' -searchbase "ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com" | Set-ADAccountPassword -NewPassword $pwd -Reset -PassThru | Unlock-ADAccount
    		}
    	}
    

    Also don't forget the - in front of NewPassword, which I added in the code above. I also think you're missing the | before

    Unlock-ADAccount

    for the change [y] [n] part.
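
The menu discussed in this thread with the suggested fixes applied, as an added example that is not code from either poster: it rejects mistyped menu and y/n answers, adds the E-Exit option, and checks the typed OU name before it is placed in the search base so the input cannot change which part of the directory is modified. The function name Get-OuUsers, the OU name pattern, and the use of -Confirm on the bulk changes are assumptions of this example; the search base is the one from the original post.

```powershell
Import-Module ActiveDirectory
$BaseDn = 'ou=internal,ou=users,ou=cie,dc=core,dc=com'   # path from the thread

# Hypothetical helper: returns the users of one child OU under $BaseDn.
function Get-OuUsers {
    param([Parameter(Mandatory)][string]$OuName)
    # Allow only letters, digits, underscore, space and hyphen (assumed naming
    # convention) so DN characters such as , = + " \ cannot widen the scope.
    if ($OuName -notmatch '^[\w \-]{1,64}$') { throw "Invalid OU name: '$OuName'" }
    $searchBase = "ou=$OuName,$BaseDn"
    # Stop with an error if the OU does not exist instead of piping nothing.
    $null = Get-ADOrganizationalUnit -Identity $searchBase -ErrorAction Stop
    Get-ADUser -Filter * -SearchBase $searchBase
}

:menu while ($true) {
    $action = Read-Host "Choose an option:`n1-Unlock Accounts`n2-Enable Accounts`n3-Reset Passwords`nE-Exit"
    try {
        switch ($action.Trim().ToUpper()) {
            '1' { Get-OuUsers (Read-Host 'Enter OU Name') | Unlock-ADAccount -Confirm }
            '2' { Get-OuUsers (Read-Host 'Enter OU Name') | Enable-ADAccount -Confirm }
            '3' {
                $users = Get-OuUsers (Read-Host 'Enter OU Name')
                # $newPassword rather than $pwd, which is an automatic variable.
                $newPassword = Read-Host 'Enter desired password' -AsSecureString
                # Re-ask until the answer is exactly y or n.
                do { $change = Read-Host 'Force password change at logon? [y] [n]' }
                until ($change -in 'y', 'n')
                $reset = $users | Set-ADAccountPassword -NewPassword $newPassword -Reset -PassThru -Confirm
                if ($change -eq 'y') {
                    $reset = $reset | Set-ADUser -ChangePasswordAtLogon $true -PassThru
                }
                $reset | Unlock-ADAccount
            }
            'E' { break menu }   # leaves the labelled while loop
            default { Write-Warning "Unknown option '$action'. Enter 1, 2, 3 or E." }
        }
    }
    catch { Write-Warning $_.Exception.Message }   # bad OU name, missing OU, AD errors
}
```

Because option 3 gives every account in the OU the same password, answering y to the change-at-logon prompt limits how long that shared value stays valid.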
