As IT administrators, we often have to reset user passwords in Active Directory (AD) environments, whether because of a security concern, employee turnover or a forgotten password. Done by hand for many accounts, the process is slow and error-prone. In this blog post we'll look at a PowerShell script that performs a bulk password reset, sets the "change password at next logon" flag and reports what it did. Two variants are covered: one where the CSV file already holds a username and a new password for each account, and one where the CSV holds usernames only and the script generates a random password for each user.
The script we'll be discussing follows these key steps:
- Import the Active Directory module: The script starts by importing the Active Directory PowerShell module, which provides the cmdlets for managing AD objects.
- Load the CSV file: The script then imports a CSV file containing the usernames and new passwords for the accounts that need to be reset.
- Iterate through the users: Using a `foreach` loop, the script visits each row of the CSV file.
- Reset the password: For each user, the script resets the password with the `Set-ADAccountPassword` cmdlet. The new password is read from the CSV file and converted to a secure string. The `-Reset` switch performs an administrative reset, which does not need the old password but does require the Reset Password right on the user object.
- Set the "Change Password at Next Logon" flag: The script sets the `ChangePasswordAtLogon` property of the user object to `$true`, so the user must pick a new password at their next login and the value from the CSV is only a one-time credential.
- Display the username and password: The script prints each username and its newly assigned password as a tab-separated line so the changes can be reviewed.
- Report the total number of accounts processed: Finally, the script displays the number of accounts whose password was reset.
This script streamlines the password reset process in several ways:
- Bulk operations: By processing many accounts from one CSV file, the script avoids resetting passwords one by one, saving time and cutting down on copy-and-paste mistakes.
- Password policy: The script itself does not validate the new passwords; the domain controller enforces the domain's minimum length and complexity rules when `Set-ADAccountPassword` runs, and a value that fails them makes the cmdlet throw for that user. Check the CSV values (or the generator's settings) against your policy before the run so you do not end up with a partly reset batch.
- Improved security: Forcing a change at next logon means the password the administrator set, which also sits in the CSV and in the console output, has to be replaced at the user's first logon, shrinking the window in which a leaked file grants access.
- Reporting and tracking: The script prints the usernames, the new passwords and the total number of accounts processed, which is useful for record-keeping and auditing. Keep in mind that this output contains live credentials: it is captured by PowerShell transcription if that is enabled, so store it (and the input CSV) under restrictive ACLs and delete both once the users have logged on.
To use this script, you'll need the Active Directory PowerShell module (part of RSAT) installed, and you must run it as an account that holds the Reset Password right on the target users. Prepare a CSV file with a header row of `username,password`, where `username` is the sAMAccountName and `password` is the new value for that account. Because the file holds plaintext passwords, create it in a location only administrators can read and remove it after the run.
Import-Module ActiveDirectory

# Import the CSV file (header: username,password) into $Resetpassword
$Resetpassword = Import-Csv "c:\PS\passwordchanges.csv"

$processed = 0
foreach ($User in $Resetpassword) {
    $username = $User.username
    $password = $User.password
    try {
        # -Reset performs an administrative reset (no old password needed; requires the Reset Password right).
        # The domain controller still enforces minimum length and complexity, so a weak CSV value throws here.
        Set-ADAccountPassword -Identity $username -Reset -NewPassword (ConvertTo-SecureString $password -AsPlainText -Force) -ErrorAction Stop
        # Force a change at next logon so the value from the CSV is only a one-time credential
        Set-ADUser -Identity $username -ChangePasswordAtLogon $true -ErrorAction Stop
        $processed++
        # Print the username and password as a tab-separated line. This reaches the console and any
        # PowerShell transcript; for real deployments prefer Export-Csv to a protected location.
        Write-Host "$username`t$password"
    }
    catch {
        Write-Warning "Failed to reset $username : $($_.Exception.Message)"
    }
}

# Report the total number of accounts processed
Write-Host "Total accounts processed: $processed of $($Resetpassword.Count)"
Write-Host "Account passwords have been reset."
If the CSV holds only usernames and you want the script to generate a random password for each user, use the PowerShell script below. The input file needs a single `username` column; the generated passwords are written to a second CSV.
Import-Module ActiveDirectory

# Set the password length. 8 is the value used in this post; raise it to match your domain policy
$minLength = 8
$maxLength = 8

# Define the character sets for password generation
$alphaChars   = [char[]]'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
$numChars     = [char[]]'0123456789'
$specialChars = [char[]]'!@#$%^&*()_+{}[]|\:;"''<>,.?/'

# Read the input CSV file with the user accounts (header: username)
$inputUsers = Import-Csv -Path 'c:\PS\passwordchanges.csv'

# Collect the generated passwords for the output CSV
$outputPasswords = [System.Collections.Generic.List[PSCustomObject]]::new()

foreach ($user in $inputUsers) {
    $username = $user.username
    # Take one character from each set so every password has a letter, a digit and a symbol,
    # then fill the rest from the combined pool and shuffle. Get-Random is a convenience RNG,
    # not a cryptographic one.
    $length = Get-Random -Minimum $minLength -Maximum ($maxLength + 1)
    $chars  = @(($alphaChars | Get-Random), ($numChars | Get-Random), ($specialChars | Get-Random))
    $chars += ($alphaChars + $numChars + $specialChars) | Get-Random -Count ($length - $chars.Count)
    $password = -join ($chars | Get-Random -Count $chars.Count)
    try {
        # Apply the new password in AD (without this call the password is only generated, never set)
        Set-ADAccountPassword -Identity $username -Reset -NewPassword (ConvertTo-SecureString $password -AsPlainText -Force) -ErrorAction Stop
        Set-ADUser -Identity $username -ChangePasswordAtLogon $true -ErrorAction Stop
        $outputPasswords.Add([PSCustomObject]@{ username = $username; password = $password })
        # Report progress without echoing the password to the console (transcripts capture console output)
        Write-Host "Username: $username, password reset"
    }
    catch {
        Write-Warning "Failed to reset $username : $($_.Exception.Message)"
    }
}

# The output file holds plaintext one-time passwords: write it to a protected location and delete it after use
$outputPasswords | Export-Csv -Path 'c:\output_passwords.csv' -NoTypeInformation
Write-Host "Password changes complete. The generated passwords have been saved to 'c:\output_passwords.csv'."
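Both scripts above leave password quality to the domain controller and, in the second case, to Get-Random. The following is an added example, not code from the original post, that closes both gaps: a generator backed by .NET's cryptographic RandomNumberGenerator that always produces all four character classes, and a pre-flight check that applies the default AD complexity rule (minimum length 7, at least three of four character classes, no sAMAccountName inside the password) to whatever a CSV supplies before Set-ADAccountPassword is called. The sample rows, the account names and the `$Commit` switch are constructed for the example; the display-name check that AD also performs is omitted.

```powershell
# Added example (not from the original post): CSPRNG-backed password generation plus a pre-flight
# complexity check for CSV-supplied passwords. Assumes the default domain policy (min length 7,
# 3 of 4 character classes, no sAMAccountName in the password); the display-name check is omitted.

$Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-SecureRandomIndex {
    # Unbiased index in [0, $Max) from the cryptographic RNG; rejection sampling avoids modulo bias
    param([Parameter(Mandatory)][int]$Max)
    $buf   = [byte[]]::new(4)
    $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$Max)   # largest multiple of $Max
    do {
        $Rng.GetBytes($buf)
        $v = [BitConverter]::ToUInt32($buf, 0)
    } while ($v -ge $limit)
    return [int]($v % $Max)
}

function New-CompliantPassword {
    param([ValidateRange(8, 127)][int]$Length = 16)
    # Characters that commonly break CSV quoting or shell interpolation (" ' \ , ;) are left out on purpose
    $sets = @(
        [char[]]'abcdefghijklmnopqrstuvwxyz',
        [char[]]'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
        [char[]]'0123456789',
        [char[]]'!@#$%^&*()_+-=[]{}|:<>?'
    )
    $all = foreach ($s in $sets) { $s }
    # One character from every class first, so 4 of 4 classes are always present
    $chars = foreach ($s in $sets) { $s[(Get-SecureRandomIndex -Max $s.Count)] }
    while ($chars.Count -lt $Length) {
        $chars += $all[(Get-SecureRandomIndex -Max $all.Count)]
    }
    # Fisher-Yates shuffle so the class-guaranteed characters do not sit at fixed positions
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = Get-SecureRandomIndex -Max ($i + 1)
        $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
    }
    return (-join $chars)
}

function Test-AdPasswordComplexity {
    param(
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$MinLength = 7   # default domain policy value (assumption: adjust to your GPO)
    )
    if ($Password.Length -lt $MinLength) { return $false }
    # AD rejects a password that contains the account name (3+ characters), case-insensitively
    if ($SamAccountName.Length -ge 3 -and
        $Password.IndexOf($SamAccountName, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $false }
    $classes = 0
    foreach ($re in '[a-z]', '[A-Z]', '[0-9]', '[^a-zA-Z0-9]') {
        if ($Password -cmatch $re) { $classes++ }
    }
    return ($classes -ge 3)
}

# Constructed sample rows standing in for c:\PS\passwordchanges.csv; these are not real accounts.
# An empty password column means "generate one", which covers the second method from the post.
$rows = @(
    [pscustomobject]@{ username = 'jdoe';   password = 'Winter2024!' }
    [pscustomobject]@{ username = 'asmith'; password = 'asmith123' }    # contains the account name
    [pscustomobject]@{ username = 'bkhan';  password = '' }
)
$Commit = $false   # set to $true only on a host with the AD module and the Reset Password right

foreach ($row in $rows) {
    $pw = if ([string]::IsNullOrWhiteSpace($row.password)) { New-CompliantPassword -Length 16 } else { $row.password }
    if (-not (Test-AdPasswordComplexity -Password $pw -SamAccountName $row.username)) {
        Write-Warning "Skipping $($row.username): password fails the complexity pre-check"
        continue
    }
    if ($Commit) {
        Set-ADAccountPassword -Identity $row.username -Reset -NewPassword (ConvertTo-SecureString $pw -AsPlainText -Force) -ErrorAction Stop
        Set-ADUser -Identity $row.username -ChangePasswordAtLogon $true -ErrorAction Stop
    }
    # Never echo the password itself; report only what is needed to audit the run
    $mode = if ($Commit) { 'reset' } else { 'dry run' }
    Write-Host "$($row.username): accepted, length $($pw.Length), $mode"
}
$Rng.Dispose()
```

Leave `$Commit` at `$false` to dry-run against the constructed rows: jdoe passes the pre-check, asmith is skipped because the password contains the account name, and bkhan receives a generated 16-character password. Set it to `$true` on a host with the AD module to perform the resets; the pre-check then saves you from a batch that fails halfway because the domain controller rejected a weak value.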
By leveraging PowerShell and the Active Directory cmdlets, IT administrators can reset passwords in bulk with far less effort than working through accounts one at a time. Treat the input and output files as credential material, verify that the passwords you supply or generate satisfy the domain's policy, and these scripts become a useful addition to your AD management toolbox.