TL;DR - PowerShell script for resetting AD passwords, written for a client's specific password requirements.
This script was created to assist Tier 1 Agents in resetting user passwords for a specific client. This client created user passwords based on three parameters specific to the user. The client had 200+ sites across the continental USA and CA, and user info was stored in subdirectories specific to location. These passwords were stored locally in AD as extensionAttributes.
Steps to reset password without script:
- Open Active Directory Users & Computers
- Select "View" in top navigation bar, and checkmark "Advanced Options"
- Navigate to the search field and search for user (john doe)
- Open the user's Properties and click "Object"
- Make note of the user object, then scale the AD tree to its location. Ex. CompanyA > Users > Employees > Sites > Site > Users >
- Open user Properties
- Open "Attribute Editor"
- Find user password inside extensionAttributes
- Copy user password from extensionAttribute field
- Reset user password
- Select "User cannot change password"
- Select "User password does not expire"
- Notify user that password has been reset and to allow 30 minutes for changes to take effect.
Steps required with script:
- Launch PS-PasswordReset.ps1 on desktop
- Enter user name using company standard (firstName.lastName)
- Notify user that password has been reset and to allow 30 minutes for changes to take effect.
For a Tier 1 Agent unfamiliar with AD, this could potentially cut password reset times down from 8-13 minutes to 1-2 minutes! (A 700% decrease from 14 minutes to 2 minutes.) This time percentage does not account for the time potentially saved training new Agents, which can also be drastically lowered.
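
The manual steps above map onto three ActiveDirectory module cmdlets, shown here as an added example that is not the project's PS-PasswordReset.ps1. It refuses to act unless exactly one account matches and never prints the stored value. Assumptions: the function name `Reset-ClientPassword` is hypothetical, the attribute is taken to be `extensionAttribute1` (the page does not say which one is used), and the firstName.lastName name is taken to be the account's SamAccountName.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the project's own script.
function Reset-ClientPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Company standard name (firstName.lastName). The pattern also keeps
        # quotes and wildcards out of the -Filter string built below.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z-]+\.[A-Za-z-]+$')]
        [string]$UserName,

        # Assumption: placeholder attribute name; set it to the one the client uses.
        [string]$PasswordAttribute = 'extensionAttribute1'
    )

    # -Filter searches the whole domain, so the site OU never has to be browsed by hand.
    $users = @(Get-ADUser -Filter "SamAccountName -eq '$UserName'" -Properties $PasswordAttribute)
    if ($users.Count -ne 1) {
        throw "Expected exactly one account for '$UserName', found $($users.Count)."
    }
    $user = $users[0]

    $stored = $user.$PasswordAttribute
    if ([string]::IsNullOrWhiteSpace($stored)) {
        throw "$PasswordAttribute is empty for $($user.DistinguishedName); nothing to reset to."
    }

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Reset password from stored attribute')) {
        # Convert straight to a SecureString; the value is never echoed to the console.
        $secure = ConvertTo-SecureString -String $stored -AsPlainText -Force
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure
        # The same two checkboxes the manual procedure selects.
        Set-ADUser -Identity $user -CannotChangePassword $true -PasswordNeverExpires $true
        Write-Host "Password reset for $($user.SamAccountName). Allow 30 minutes for changes to take effect."
    }
}

Reset-ClientPassword -UserName (Read-Host 'User name (firstName.lastName)')
```

Running the function with `-WhatIf` shows which account would be changed without resetting anything.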