@evetsleep
Created January 14, 2020 21:05
function Reset-ADPassword {
    [CmdletBinding(SupportsShouldProcess)]
    Param(
        [Parameter(Position=0,Mandatory)]
        [String]
        $UserName,

        [Parameter(Position=1)]
        [String]
        $Domain = ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).Name,

        # Both passwords are plain [String]s, as in the original gist. A value passed on the
        # command line can therefore end up in shell history, transcripts and process-creation
        # logs; the interactive defaults below avoid the command-line exposure at least.
        [Parameter(Position=2)]
        [String]
        $OldPassword = (Read-Host -Prompt 'Old password'),

        [Parameter(Position=3)]
        [String]
        $NewPassword = (Read-Host -Prompt 'New Password')
    )

    # Locate a domain controller for the target domain, forcing a fresh DC locator lookup.
    try {
        $domainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList 'Domain',$Domain
        $flushCache = [System.DirectoryServices.ActiveDirectory.LocatorOptions]'ForceRediscovery'
        $dc = [System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($domainContext,$flushCache).Name
        Write-Verbose -Message ('Using {0}' -f $dc)
    }
    catch {
        Write-Error -ErrorAction Stop -Message ('Failed to locate a domain controller in {0} domain: {1}' -f $Domain,$_.Exception.Message)
    }

    # Build the LDAP path. Port 636 makes the ADSI LDAP provider use SSL, which the
    # ChangePassword call below needs so that the old and new password are not sent in clear text.
    $ldapString = 'LDAP://{0}:636' -f $dc

    # Escape the RFC 4515 filter metacharacters ( \ * ( ) and NUL ) in the supplied name before it
    # goes into the filter. The original interpolated $UserName verbatim, so a value containing
    # these characters could change what the filter matches.
    $safeUserName = [regex]::Replace($UserName, '[\\*()\x00]', { param($m) '\' + ('{0:x2}' -f [int][char]$m.Value) })
    $filter = '(&(objectClass=user)(sAMAccountName={0}))' -f $safeUserName

    # Look up the account.
    $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher
    $directorySearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList $ldapString
    $directorySearcher.Filter = $filter

    # Try to find a matching account and, if found, get a directory entry for it.
    # FindOne() returns $null when nothing matches, so the method call on it lands in the catch block.
    try {
        $userSearch = $directorySearcher.FindOne().GetDirectoryEntry()
        Write-Verbose -Message ('Found: {0}' -f $userSearch.distinguishedName[0])
    }
    catch {
        Write-Error -ErrorAction Stop -Message ('Failed to find {0} on {1}' -f $UserName,$dc)
    }

    if ($PSCmdlet.ShouldProcess(('{0}' -f $userSearch.distinguishedName[0]))) {
        $result = [PSCustomObject]@{
            UserName = $UserName
            Domain   = $Domain
            DN       = $userSearch.distinguishedName[0]
            DC       = $dc
            Success  = $false
        }

        # ChangePassword (as opposed to SetPassword) is the self-service path: it requires the
        # current password and is subject to the domain password policy, including history
        # and minimum password age, so a policy violation surfaces as an exception here.
        try {
            $userSearch.psbase.Invoke('ChangePassword',@($OldPassword,$NewPassword))
            $userSearch.psbase.CommitChanges()
            $result.Success = $true
        }
        catch {
            Write-Warning -Message ('Failed to reset password on {0}: {1}' -f $UserName,$_.Exception.Message)
        }

        Write-Output $result
    }

    <#
    .SYNOPSIS
    Resets a user's password.
    .DESCRIPTION
    Allows the reset of a user account password so long as the old password is known.
    .PARAMETER UserName
    The user name whose password will be changed.
    .PARAMETER Domain
    The Windows domain the user is in.
    .PARAMETER OldPassword
    The old (current) password.
    .PARAMETER NewPassword
    The new password, which must meet complexity requirements and must never have been used before.
    .EXAMPLE
    Reset-ADPassword -UserName testPWDChange
    Old password: 12adsfadsFs$#
    New Password: 16adsfadsFs%$

    UserName : testPWDChange
    Domain   : testDomain.com
    DN       : CN=testPWDChange,DC=testDomain,DC=com
    DC       : testDomain.com
    Success  : True

    Here we just specify the user name. The function defaults to the domain of the user who is running
    PowerShell, so if you are using an account in the NA domain to change the password of an account in
    the NA domain, then you don't have to specify a domain.
    .EXAMPLE
    Reset-ADPassword -UserName testPWDChange -Domain testDomain.com -OldPassword 'oldPassword' -NewPassword 'newPassword'

    UserName : testPWDChange
    Domain   : testDomain.com
    DN       : CN=testPWDChange,DC=testDomain,DC=com
    DC       : DC1.testDomain.com
    Success  : True
    .EXAMPLE
    Reset-ADPassword -UserName testPWDChange -Domain testDomain.com
    Old password: 11adsfadsFs##
    New Password: 13adsfadsFs##$$

    UserName : testPWDChange
    Domain   : testDomain.com
    DN       : CN=testPWDChange,DC=testDomain,DC=com
    DC       : DC03.testDomain.com
    Success  : True
    #>
}
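The gist takes both passwords as plain strings. As an added example (not part of the gist), the same IADsUser.ChangePassword call with the passwords held as SecureString and decrypted only for the duration of the call; `Invoke-SecurePasswordChange` is a hypothetical name, and the usage lines assume `$userSearch` is the DirectoryEntry that the gist's DirectorySearcher lookup returns.

```powershell
# Added example, not the gist's code. Same ChangePassword call, but the plaintext exists
# only inside this function, in unmanaged BSTRs that are zeroed on the way out.
function Invoke-SecurePasswordChange {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][System.DirectoryServices.DirectoryEntry]$UserEntry,
        [Parameter(Mandatory)][SecureString]$OldPassword,
        [Parameter(Mandatory)][SecureString]$NewPassword
    )

    $oldBstr = [IntPtr]::Zero
    $newBstr = [IntPtr]::Zero
    try {
        # Decrypt the SecureStrings into unmanaged memory we control the lifetime of.
        $oldBstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($OldPassword)
        $newBstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword)
        $oldPlain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($oldBstr)
        $newPlain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($newBstr)

        if ($PSCmdlet.ShouldProcess($UserEntry.distinguishedName[0], 'Change password')) {
            # ChangePassword needs the current password and an SSL (port 636) binding.
            $UserEntry.psbase.Invoke('ChangePassword', @($oldPlain, $newPlain))
            $UserEntry.psbase.CommitChanges()
        }
        return $true
    }
    finally {
        # Zero and free the unmanaged copies. The managed strings produced by
        # PtrToStringBSTR are immutable and are left to the garbage collector.
        if ($oldBstr -ne [IntPtr]::Zero) { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($oldBstr) }
        if ($newBstr -ne [IntPtr]::Zero) { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($newBstr) }
    }
}

# Usage (assumes $userSearch came from the gist's DirectorySearcher lookup over LDAP://<dc>:636).
# -AsSecureString prompts do not echo, and nothing reaches history or transcripts as plaintext.
Invoke-SecurePasswordChange -UserEntry $userSearch `
    -OldPassword (Read-Host -Prompt 'Old password' -AsSecureString) `
    -NewPassword (Read-Host -Prompt 'New password' -AsSecureString) -WhatIf
```

Drop `-WhatIf` to perform the change; with it, ShouldProcess only reports the DN that would be affected.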