<#
.NOTES
===========================================================================
Created on:   4/8/2015 7:00 AM
Updated on:   4/8/2015 10:10 AM
Created by:   CS, or /u/challer on Reddit
Organization: Cogenc
Version:      0.1
Filepath:     \\Dropbox\PowerShell\Functions
Filename:     .\Reset-IHGPassword.ps1
Dependencies: Active Directory Module, Permission to change AD Passwords
===========================================================================

.SYNOPSIS
This advanced function is used to reset a user's password in Active Directory.

.DESCRIPTION
This advanced function is used to reset a user's password in Active Directory
based on a UserPrincipalName. It begins by querying the current forest, then
locating the closest Global Catalog. That domain controller is then queried
for the default password policy for the domain, which is used to generate a
password that exceeds the minimum password length. The password is stored as
a secure string and is used to change the user's password once the user has
been found in Active Directory. Once the user's password is reset, an e-mail
is sent to the address associated with the user object. This e-mail contains
their username and new password.

.EXAMPLE
Reset-CSPassword chris@contoso.com -SmtpServer smtp.contoso.com
#>

#Requires -Modules ActiveDirectory
function Reset-CSPassword
{
    [CmdletBinding()]
    Param
    (
        [Parameter(Mandatory = $true,
                   ValueFromPipelineByPropertyName = $true,
                   Position = 0)]
        [ValidatePattern('^[^@]+@[^@]+$')]
        [string]$UserPrincipalName,

        # Added parameter: the original referenced $SmtpServer without ever defining it.
        [Parameter(Mandatory = $true)]
        [string]$SmtpServer,

        # Added parameter: sender address, defaulting to the value the original hard-coded.
        [string]$From = 'admin@contoso.com'
    )

    # A process block is needed so that every object received from the pipeline is handled;
    # without it only the last piped UserPrincipalName would be processed.
    process
    {
        # The domain is the part of the UPN after '@' (index 1 of the split result).
        $Domain = $UserPrincipalName -split '@'
        $DomainName = $Domain[1]

        # Retrieve the default password policy for that domain; its minimum length drives the
        # length of the generated password.
        $PasswordPolicy = Get-ADDefaultDomainPasswordPolicy -Identity $DomainName

        # GeneratePassword lives in System.Web, which Windows PowerShell does not load by default.
        Add-Type -AssemblyName System.Web

        # Generate a password 1.5 times the minimum length (rounded up to a whole number, and never
        # below 12 so that a policy minimum of 0 cannot produce an invalid length) containing at
        # least two non-alphanumeric characters.
        $Length = [math]::Max(12, [int][math]::Ceiling($PasswordPolicy.MinPasswordLength * 1.5))
        $RandomPassword = [System.Web.Security.Membership]::GeneratePassword($Length, 2)
        $NewPassword = ConvertTo-SecureString -String $RandomPassword -AsPlainText -Force

        # Locate the current forest and its nearest Global Catalog (FindGlobalCatalog is site-aware).
        $ForestInfo = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
        $GlobalCatalog = $ForestInfo.FindGlobalCatalog()

        # Search for the user on the nearest GC (port 3268) by the UPN provided. An exact match is
        # used; -Like without wildcards behaved the same but was misleading.
        $User = Get-ADUser -Filter { UserPrincipalName -eq $UserPrincipalName } -Properties UserPrincipalName, Mail -Server "$($GlobalCatalog.Name):3268"

        if (-not $User)
        {
            throw "No user with UserPrincipalName '$UserPrincipalName' was found on $($GlobalCatalog.Name)."
        }
        if (-not $User.Mail)
        {
            throw "User '$UserPrincipalName' has no mail attribute; aborting before the password is changed."
        }

        # Reset the password. -Reset is required when no old password is supplied. The write is
        # directed at a writable DC in the user's domain: the object returned from the GC would
        # otherwise target port 3268, which is read-only. The original wrapped this in a local
        # Invoke-Command, which added nothing. Consider also Set-ADUser -ChangePasswordAtLogon $true
        # so the e-mailed password can only be used once.
        Set-ADAccountPassword -Identity $User.DistinguishedName -NewPassword $NewPassword -Reset -Server $DomainName

        # The e-mail is sent to the user with their username and password.
        $Body = @"
Per your request, your password has been reset. You may use the following credentials to login:

Username: $UserPrincipalName
Password: $RandomPassword

Please do not reply to this e-mail.
"@
        Send-MailMessage -From $From -To $User.Mail -Subject "Your password has been reset in $DomainName" -Body $Body -SmtpServer $SmtpServer
    }
}
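GeneratePassword guarantees only a length and a count of non-alphanumeric characters, not the three-of-five character-class rule or the name-reuse rule that a domain's complexity setting enforces, so a reset can still be rejected. The following is an added example, not part of the original script: the hypothetical functions Test-ADPasswordComplexity and New-CompliantPassword check a candidate against those rules (as documented for the default domain policy; no directory access needed) and regenerate until one passes.

```powershell
Add-Type -AssemblyName System.Web   # Windows PowerShell / .NET Framework; not present in PowerShell 7
# Default-domain complexity rule: at least three of the character classes
# (upper, lower, digit, special, other Unicode letter) and no occurrence of the
# sAMAccountName or of any display-name token of three or more characters.
function Test-ADPasswordComplexity {
    param (
        [Parameter(Mandatory)][string]$Password,
        [string]$SamAccountName = '',
        [string]$DisplayName = ''
    )
    $reasons = [System.Collections.Generic.List[string]]::new()
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    if ($SamAccountName.Length -ge 3 -and $Password.IndexOf($SamAccountName, $cmp) -ge 0) {
        $reasons.Add('contains the sAMAccountName')
    }
    foreach ($token in ($DisplayName -split '[,.\-_ #\t]' | Where-Object { $_.Length -ge 3 })) {
        if ($Password.IndexOf($token, $cmp) -ge 0) { $reasons.Add("contains display-name token '$token'") }
    }
    $classes = 0
    foreach ($test in @(
        { [char]::IsUpper($args[0]) },
        { [char]::IsLower($args[0]) },
        { [char]::IsDigit($args[0]) },
        { -not [char]::IsLetterOrDigit($args[0]) },
        { [char]::IsLetter($args[0]) -and -not [char]::IsUpper($args[0]) -and -not [char]::IsLower($args[0]) })) {
        if (@($Password.ToCharArray() | Where-Object { & $test $_ }).Count -gt 0) { $classes++ }
    }
    if ($classes -lt 3) { $reasons.Add("only $classes of 5 character classes present (3 required)") }
    [pscustomobject]@{ Passes = ($reasons.Count -eq 0); Reasons = $reasons.ToArray() }
}
# Generate until a candidate satisfies both the policy length and the complexity rule,
# instead of trusting a single GeneratePassword call.
function New-CompliantPassword {
    param ([int]$MinLength, [string]$SamAccountName, [string]$DisplayName, [int]$MaxAttempts = 20)
    $length = [math]::Max(12, [int][math]::Ceiling($MinLength * 1.5))
    for ($i = 0; $i -lt $MaxAttempts; $i++) {
        $candidate = [System.Web.Security.Membership]::GeneratePassword($length, 2)
        if ((Test-ADPasswordComplexity -Password $candidate -SamAccountName $SamAccountName -DisplayName $DisplayName).Passes) {
            return $candidate
        }
    }
    throw "No compliant password generated in $MaxAttempts attempts."
}
# Constructed inputs: the first two fail (name reuse, too few classes); the third is generated and passes.
Test-ADPasswordComplexity -Password 'ChrisSmith2015!' -SamAccountName 'csmith' -DisplayName 'Smith, Chris'
Test-ADPasswordComplexity -Password 'abcdefgh' -SamAccountName 'csmith'
New-CompliantPassword -MinLength 7 -SamAccountName 'csmith' -DisplayName 'Smith, Chris'
```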