PS script to change passwords and email them

This topic contains 0 replies, has 1 voice, and was last updated by  Forums Archives 5 years, 9 months ago.

  • Author
    Posts
  • #5357

    by generalcornwallis at 2012-12-17 07:45:40

    Hello,

    I have been recently trained in active directory. The AD training covered some powershell in it but I am certainly no expert. I am, sadly, the closest thing to an "Expert" that there is here at my organization. I have been trying for about a week to get a script together that does the following:

    Resets all users paswords in an OU to something unique for each user
    Securely emailing those passwords to the user

    Is this even possible with powershell? From what I have found you can't pipe email addresses to send-mailmessage, but of course that isnt even a secure method of mailing passwords. Any feedback is welcome.

    EDIT: The purpose of this is because we are finally getting off of the old samba/linux DC and moving to AD. We are a small organization so there are less than 800 users.

    by ArtB0514 at 2012-12-17 08:51:35

    What we ususally do is to set the initial password to something like "012345" and require password change on first login and tell the user to login within 24 hours. After that, we verify that the password has changed and, if not, we change the password again and notify the user's manager.

    If what you are looking for is just a list of random passwords, then this is a brute force way to generate a bunch of 10 character strings using upper and lower letters, number, and symbols.
    $String = 'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z',
    'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z',
    '1','2','3','4','5','6','7','8','9','0','!','@','#','$','%','^','&','*','(',')','_','+','='
    $Passwords = @()
    0..800 | foreach {
    $pw = ""
    0..10 | foreach {$pw += $String | Get-Random}
    $Passwords += $pw
    }

    by generalcornwallis at 2012-12-18 11:24:43

    Thanks for the reply, Art. The random code is far less of a problem as making send-mailmessage work with a list. Seems send-mailmessage cant accept a piped output so I cant send to anyone even if i had the damn thing working right. Foreach is also a problem. Ive seen many examples of its use but it remains a problem for me.

    by nohandle at 2012-12-18 11:38:41

    You are looking just for simple foreach loop, you have list of users (from AD) and you pipe them to foreach-object like in this model situation:
    < #some way to get the user objects#>|ForEach-Object {

    #for each object that is passed to pipeline do all these actions
    # $_ represents the current object in pipeline - the user you work with
    # saving it in new variable is not necessary but makes this example more readable
    $currentUser = $_

    $password = #some function to genereate passoword
    $ErrorDuringMailSend = $null
    Send-MailMessage -Subject "this is your new password" -From "admin@company.com" -ErrorVariable ErrorDuringMailSend -To $CurrentUser.email
    if ($ErrorDuringMailSend)
    {
    #there was error sending the mail do some action like logging it
    }

    }

    by generalcornwallis at 2012-12-19 09:48:23

    nohandle,

    Here is the script I am working with currently. It is similar to how you suggested but not quite the same.

    if(@(get-module | where-object {$_.Name -eq "ActiveDirectory"} ).count -eq 0) {import-module ActiveDirectory}
    $accounts=get-aduser -filter * -searchbase "ou=test,dc=my,dc=company" -properties * |where {$_.Enabled -eq "True"}| where { $_.EmailAddress -ne $null }|where { $_.EmailAddress -ne "UNKNOWN" }
    $bigwords="Red","Purple","Green","Yellow","Orange","Blue","Brown","Black","Aqua","Navy","Magenta","White"
    $littlewords="cat","dog","horse","cow","chicken","pig","donkey","mule","sheep","goat","duck","goose","turkey"
    $outfile="h:\result.txt"
    $smtpserver="mysmtpserver"
    $from="myemailaddress"
    $subject="Test email subject"
    $body="Test email body"

    function randpass
    {
    $pwdcreate=""
    $randomnum12= get-random -maximum 12
    $pwdcreate=$bigwords[$randomnum12] + "."
    $a=0
    do {
    $a++
    $randomnum12 = get-random -maximum 12
    $word=$littlewords[$randomnum12]
    #write-host $word
    $pwdcreate= $pwdcreate + $word + "."
    #write-host $pwdcreate
    }
    While ($a -lt 2)
    $b=0
    do {
    $b++
    $randomnum10 = get-random -maximum 10
    $pwdcreate=$pwdcreate + $randomnum10
    #write-host $pwdcreate
    }
    while ($b -lt 4)
    return $pwdcreate
    }

    foreach ($x in $accounts)
    {
    $currentuser = $_
    $temppass=randpass
    Set-ADAccountPassword -Identity $x -reset -Newpassword (ConvertTo-SecureString -AsPlainText $temppass -Force)
    "$X : $temppass"|out-file -append $outfile
    Send-MailMessage -From $from -To $currentuser.mail -Subject $subject -Body $body -smtpserver $smtpserver
    }

    After running the script I get this error for each user in my test OU. I believe after this hurdle is taken care of I can finely tune this script.
    Send-MailMessage : Cannot validate argument on parameter 'To'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At H:\scripts\Untitled8.ps1:43 char:34
    + Send-MailMessage -From $from -To $to -Subject $subject -Body $body -smtpserver $ ...
    + ~~~
    + CategoryInfo : InvalidData: (:) [Send-MailMessage], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.SendMailMessage

    by nohandle at 2012-12-20 00:12:10

    You try to assign $to variable to the 'To' parameter but you don't create the variable first. Create the variable and assign email address to it.

    by generalcornwallis at 2012-12-20 08:54:38

    I got it working now, finally. Thanks to everyone for their help. This is the code I ended up with at the bottom:
    $users = import-csv "h:\test.csv"
    foreach($user in $users){
    Get-ADUser -Identity $user.samaccountname -Properties *
    $temppass=randpass
    Set-ADAccountPassword -Identity $user.samaccountname -reset -Newpassword (ConvertTo-SecureString -AsPlainText $temppass -Force)
    $username=$user.samaccountname
    $body="Your COMPANY password needs to be changed. You can log into the COMPANY WEBSITE to change your password. Your username is $username and your temporary password is: $temppass"
    Send-MailMessage -From $from -To $user.mail -Subject $subject -Body $body -smtpserver $smtpserver
    }

You must be logged in to reply to this topic.