Setting a password with a PowerShell script, and emailing it to a recipient.

This is a quick and dirty PowerShell script that generates a random complex password, sets it as the password for a specific user, and emails it to someone.

Using this PowerShell script and Task Scheduler, it is possible to schedule a password change and then email the newly generated password to a specific user. The password generated is a complex password. The biggest disadvantage of this is that the password is emailed in an unencrypted form, so anyone who can read the message in transit, on the relay or in the recipient's mailbox can read the password.

Pre-Requisites:

The only pre-requisite is that you have an SMTP server available to you (or you could just google for one). Bear in mind that whichever relay you use sees the password in the message.

 

Making Changes:

The changes that need to be made are:

$User = "username" – set this to the username of the user whose password you want to change (we change the supply user password here).

From = "sendingserver@youraddress" – set this to the sending address (i.e. who the message is from), e.g. noreply@mydomain.com.

To = "recipiant@youraddress" – this was set to my own email address. More addresses can be added in the format "address1@domain","address2@domain" with no spaces.

SmtpServer = "your.smtp.server" – this is the last change that you need to make. Set this to your SMTP relay server.

 

Once each of these changes has been made, that should be it. As long as the PowerShell script is run as an administrator, it will generate, set and email the password.

PowerShell Script:

# Reset Password and notify by e-mail.

# Import AD Module
Import-Module ActiveDirectory

# Set User to be edited
$User = "username"

# Needed to generate random password
# (System.Web is part of .NET Framework, so run this under Windows PowerShell)
Add-Type -AssemblyName "System.Web"

# Generates a 9 character password with a minimum of 2 special characters
# see https://msdn.microsoft.com/en-us/library/system.web.security.membership.generatepassword(v=vs.110).aspx for details.
$Password = [System.Web.Security.Membership]::GeneratePassword(9,2)

# Set Account password
Set-ADAccountPassword $User -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $Password -Force)

# Build the message; note that the password goes into the body in clear text
$messageParameters = @{
    Subject = "New Password for $User User."
    Body = "
The password has been changed for $User.
The password is now $Password.

This is an automated process, Written by Karl woods.

My Signature went here.
"
    From = "sendingserver@youraddress"
    To = "recipiant@youraddress"
    SmtpServer = "your.smtp.server"
}
Send-MailMessage @messageParameters
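
The script above mails the password in clear text, which is the disadvantage noted in the introduction. The variant below is an added example, not the original author's script: it encrypts the password to the recipient's certificate with Protect-CmsMessage before mailing it and requires TLS to the relay. The certificate path, the password length of 16, port 587 and STARTTLS support on the relay are assumptions.

```powershell
# Added example, not the original author's script.
# Assumptions: Windows PowerShell 5.1 with the ActiveDirectory module;
# C:\Scripts\recipient.cer is a hypothetical path to the recipient's public
# certificate (Document Encryption EKU); the relay offers STARTTLS on port 587.
Import-Module ActiveDirectory
Add-Type -AssemblyName 'System.Web'

$User          = 'username'
$RecipientCert = 'C:\Scripts\recipient.cer'   # hypothetical path

# Stop before touching the account if the certificate is missing; otherwise
# the password would change with no way to tell the recipient.
if (-not (Test-Path -LiteralPath $RecipientCert)) {
    throw "Recipient certificate not found: $RecipientCert"
}

# Length 16 is an assumption of this example (the original script uses 9).
$Password = [System.Web.Security.Membership]::GeneratePassword(16, 2)

# Encrypt before the reset so an encryption failure leaves the account untouched.
$Encrypted = Protect-CmsMessage -To $RecipientCert -Content $Password -ErrorAction Stop

$Secure = ConvertTo-SecureString -AsPlainText $Password -Force
Set-ADAccountPassword -Identity $User -Reset -NewPassword $Secure -ErrorAction Stop

$Body = @"
The password has been changed for $User.
Decrypt the block below with Unprotect-CmsMessage to read it.

$Encrypted
"@

$messageParameters = @{
    Subject     = "New Password for $User User."
    Body        = $Body
    From        = 'sendingserver@youraddress'
    To          = 'recipiant@youraddress'
    SmtpServer  = 'your.smtp.server'
    Port        = 587        # assumption: mail submission port
    UseSsl      = $true      # send only over a TLS-protected connection
    ErrorAction = 'Stop'
}
Send-MailMessage @messageParameters

# Remove the clear-text copies from the session.
Remove-Variable -Name Password, Secure
```

The recipient reads the password by running Unprotect-CmsMessage on the block on a machine that holds the matching private key; the mail body and any copy kept by the relay contain only ciphertext.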

Setting the script to run in PowerShell on a schedule:

Save this as a PowerShell script, something like "changeuserpassword.ps1"

  • Open Task Scheduler and select "Create Basic Task"
  • In the Basic Task wizard, give the task a name that makes it identifiable, e.g. "change xxx weekly"
  • Select your chosen trigger – I have the task run weekly at 16:00
  • Select "Start a program" and in the Program/Script section add powershell.exe
  • Under the section "Add arguments (optional):" add -nologo -file "C:\Scripts\ChangeSupplyPassword.ps1" (substituting "C:\Scripts\ChangeSupplyPassword.ps1" with the path to your script)
  • Once you have selected Finish, you will need to change the user that runs the program, as per the picture. As long as that user has modify access to your user in AD, everything should work as expected.

I found that at this point it is a good idea to right-click on the selected task and hit Run.

One thought on “Setting a password with a PowerShell script, and emailing it to a recipient.”

  1. interesting solution. How would you modify this script to reset passwords this way for all users in specific OU’s?
