If you need to reset the password for a large number of user accounts, the following PowerShell scripts are for you.
The first script requires a file with usernames listed one per line. Check the UserList.txt file location in the script, and change the password passed to the ConvertTo-SecureString cmdlet to one of your choosing. Then you are good to go.
#
# Script: ResetPwd.ps1
# Description: Reset the password for bulk number of users, and
# set the property to change password required at next logon
#
# Written by: Anand Venkatachalapathy
#
Import-Module ActiveDirectory
# Set the default password
$password = ConvertTo-SecureString -AsPlainText "AwesomeP@ssw0rd" -Force
# Get the list of accounts from the file
# List the user names one per line; blank lines are skipped so that
# Get-ADUser is never called with an empty identity
$users = Get-Content -Path c:\MyScripts\UserList.txt | Where-Object { $_.Trim() }
ForEach ($user in $users)
{
    # Set the default password for the current account
    Get-ADUser $user | Set-ADAccountPassword -NewPassword $password -Reset
    # If you need to set the property "Change password at next logon",
    # leave the next line alone. If not, comment out the next line
    Get-ADUser $user | Set-AdUser -ChangePasswordAtLogon $true
    Write-Host "Password has been reset for the user: $user"
}
# ------------- End -----------
This second script does bulk password changes for similarly named user accounts, e.g., TestUser001 to TestUser100. Change the password and the user account name in the filter to your own.
#
# Script: ResetPwd.ps1
# Description: Reset the password for bulk number of users, and
# set the property to change password required at next logon
#
# Written by: Anand Venkatachalapathy
#
Import-Module ActiveDirectory
# Set the default password
$password = ConvertTo-SecureString -AsPlainText "AwesomeP@ssw0rd" -Force
# Set the default password for all users named TestUserXX
# e.g.,TestUser001 to TestUser100
Get-ADUser -Filter { SAMAccountName -like "*TestUser*"} `
| Set-ADAccountPassword -NewPassword $password -Reset
#If you need to set the property "Change password at next logon",
#leave the next alone. If not, comment the next line
Get-ADUser -Filter { SAMAccountName -like "*TestUser*"} `
| Set-AdUser -ChangePasswordAtLogon $true
# ------------- End -----------
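Both scripts above give every account the same known password until its owner next logs on. The following added example (not the author's script) resets each listed account to its own random temporary password, drops blank lines from the list, and records success or failure per user; `New-RandomPassword` is a hypothetical helper and the list path is the one the article uses.

```powershell
# Added example, not the original script. New-RandomPassword is a
# hypothetical helper; the list path is the one used in the article.
Import-Module ActiveDirectory

function New-RandomPassword {
    param([int]$Length = 16)
    # Look-alike characters (0/O, 1/l/I) are left out of the alphabet
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%*+-=?@'
    $limit = 256 - (256 % $chars.Length)   # reject bytes at or above this: no modulo bias
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) { [void]$sb.Append($chars[$byte[0] % $chars.Length]) }
            }
            $candidate = $sb.ToString()
            # Retry until upper case, lower case and a digit are all present
        } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and $candidate -match '\d')
    }
    finally { $rng.Dispose() }
    $candidate
}

# Trim each line and drop blank ones so no empty identity reaches the AD cmdlets
$users = Get-Content -Path 'C:\MyScripts\UserList.txt' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

$results = foreach ($user in $users) {
    $plain = New-RandomPassword
    try {
        $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
        Set-ADAccountPassword -Identity $user -NewPassword $secure -Reset -ErrorAction Stop
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ User = $user; Status = 'Reset'; TempPassword = $plain }
    }
    catch {
        # One bad name is reported and the loop carries on with the rest
        [pscustomobject]@{ User = $user; Status = "Failed: $($_.Exception.Message)"; TempPassword = $null }
    }
}
# Show outcomes only; pass each TempPassword to its user out of band
$results | Format-Table -Property User, Status -AutoSize
```

The temporary passwords stay in `$results` in memory and are not written to disk or to the console.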
Anand,
Thanks for the script, I would love to get this working. The script errors when run.
The pw.txt file contains one user name for testing.
I am new to powershell could you assist?
Thanks
Sophie
PS C:\Users\administrator.ACME> $password = ConvertTo-SecureString -AsPlainText “Password99” -Force
PS C:\Users\administrator.ACME> $users = Get-Content -Path c:\q\pwstuff\pw.txt
PS C:\Users\administrator.ACME> ForEach ($user in $users) {Get-ADUser $user | Set-ADAccountPassword -NewPassword $password -Reset}
Get-ADUser : Cannot validate argument on parameter ‘Identity’. The Identity property on the argument is null or empty.
At line:1 char:39
+ ForEach ($user in $users) {Get-ADUser $user | Set-ADAccountPassword -NewPassword …
+ ~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
PS C:\Users\administrator.ACME>
Anand,
Thanks for posting the script, but it errors when run. I am new to powershell, could you help please?
many thanks
Sophie
The text file contains 1 user for testing.
The error message is as follows:-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
PS C:\Users\administrator.ACME> $password = ConvertTo-SecureString -AsPlainText “Password99” -Force
PS C:\Users\administrator.ACME> $users = Get-Content -Path c:\q\pwstuff\pw.txt
PS C:\Users\administrator.ACME> ForEach ($user in $users) {Get-ADUser $user | Set-ADAccountPassword -NewPassword $password -Reset}
Get-ADUser : Cannot validate argument on parameter ‘Identity’. The Identity property on the argument is null or empty.
At line:1 char:39
+ ForEach ($user in $users) {Get-ADUser $user | Set-ADAccountPassword -NewPassword …
+ ~~~~~
+ CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Thanks a lot man, script is clean, simple and fast!
Guys,
I have an Excel spreadsheet that has 150 entries of domainname\username. I saved the spreadsheet as a *.csv file called TestCConnAccountstobeReset.csv. I copy-pasted the script w/ some adjustment of the file name, location, and password. I am logged on the company’s main domain, but the accounts are on another domain. In AD, I have located the accounts and verified they are in the other domain, and not in my domain, but I get the error message below for each account. I know that I need to either change or set the domain that the accounts are located on, but I am unsure exactly how to do that. I will make some attempts to fix this myself while I wait for suggested solutions. Thanks.
Script
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#
# Script: ResetPwd.ps1
# Description: Reset the password for bulk number of users, and
# set the property to change passwrod required at next logon
#
# Written by: Anand Venkatachalapathy
#
Import-Module ActiveDirectory
# Set the default password
$password = ConvertTo-SecureString -AsPlainText “Welcome1” -Force
# Get the list of accounts from the file on file
# List the user names one per line
$users = Get-Content -Path C:\Users\james-norwood\Documents\TestCConnAccountstobeReset.csv
ForEach ($user in $users)
{
# Set the default password for the current account
Get-ADUser $user | Set-ADAccountPassword -NewPassword $password -Reset
#If you need to set the property “Change password at next logon”,
#leave the next alone. If not, comment the next line
Get-ADUser $user | Set-AdUser -ChangePasswordAtLogon $true
Write-Host “Password has been reset for the user: $user”
}
# ————- End ———–
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ERROR/PROBLEMS
Get-ADUser : Cannot find an object with identity: ‘domainname\username’ under: ‘DC=domainname,DC=com’.
At C:\Users\myname\Documents\Scripts\AD_BulkUsersPasswdResetforFile.ps1:25 char:5
+ Get-ADUser $user | Set-AdUser -ChangePasswordAtLogon $true
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (domainname\username) [Get-ADUser], ADIdentityNotFoundException
+ FullyQualifiedErrorId : Cannot find an object with identity: ‘domainname\username’ under ‘DC=domainname,DC=com’.,Microsoft.ActiveDirectory.Management.Commands.GetADUser
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Suggested Solution
# Set the Domain
$domain = Get-ADDomain domainname.com
$domain.ManagedBy = myusername #On domainname
Set-ADDomain -Instance $domain
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Final Script with Solution
#
# Script: ResetPwd.ps1
# Modified: AD_BulkUsersPasswdResetforFile.ps1
# Description: Reset the password for bulk number of users, and
# set the property to change passwrod required at next logon
#
# Written by: Anand Venkatachalapathy
#
Import-Module ActiveDirectory
# Set the Domain
$domain = Get-ADDomain domainname.com
$domain.ManagedBy = myusername #On Domain
Set-ADDomain -Instance $domain
# Set the default password
$password = ConvertTo-SecureString -AsPlainText “Welcome1” -Force
# Get the list of accounts from the file on file
# List the user names one per line
$users = Get-Content -Path C:\Users\myname\Documents\TestCConnAccountstobeReset.csv
ForEach ($user in $users)
{
# Set the default password for the current account
Get-ADUser $user | Set-ADAccountPassword -NewPassword $password -Reset
#If you need to set the property “Change password at next logon”,
#leave the next alone. If not, comment the next line
Get-ADUser $user | Set-AdUser -ChangePasswordAtLogon $true
}
# ————- End ———–
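The `-Identity` parameter of the AD cmdlets takes a sAMAccountName, distinguished name, GUID or SID, so a `domainname\username` string is not matched, and lookups go to the current domain unless `-Server` names another one. An added example, not the commenter's script, that splits each entry and targets the other domain with `-Server`; the CSV path, the domain map and the prompt for the temporary password are assumptions.

```powershell
# Added example, not part of the original comment. The CSV path and the
# NetBIOS-to-DNS domain map are placeholders to adapt.
Import-Module ActiveDirectory

# NetBIOS domain name -> DNS name of that domain (or of one of its DCs)
$domainMap = @{ 'DOMAINNAME' = 'domainname.com' }

# Prompt for the temporary password instead of storing it in the script
$password = Read-Host -AsSecureString -Prompt 'Temporary password'

foreach ($line in Get-Content -Path 'C:\Temp\AccountsToReset.csv') {
    # Remove whitespace and any quotes added by the CSV export
    $entry = $line.Trim().Trim('"')
    if (-not $entry) { continue }

    # Split DOMAIN\username into its two parts
    $domain, $sam = $entry -split '\\', 2
    if (-not $sam) {
        Write-Warning "Skipping '$entry': expected DOMAIN\username"
        continue
    }

    $server = $domainMap[$domain]
    if (-not $server) {
        Write-Warning "Skipping '$entry': no server listed for domain '$domain'"
        continue
    }

    try {
        # -Server sends both calls to the other domain; add -Credential to
        # $target if your current account has no reset rights there
        $target = @{ Identity = $sam; Server = $server; ErrorAction = 'Stop' }
        Set-ADAccountPassword @target -NewPassword $password -Reset
        Set-ADUser @target -ChangePasswordAtLogon $true
        Write-Host "Password has been reset for $domain\$sam via $server"
    }
    catch {
        Write-Warning "$entry : $($_.Exception.Message)"
    }
}
```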
Great, thanks for sharing the helpful script. I tried this Active Directory Self Service tool ( http://www.lepide.com/active-directory-self-service/ ), which allows users to reset their own Active Directory password, unlock a locked account from any remote place and keep Active Directory updated with the latest personal details. It sends email notifications to users in bulk and recovers a lost or forgotten account password without a help desk call.
I tried this script. Now I am using a low-cost tool from a third party. It's a very impressive one for me. So I want to try that tool, guys.
Feel the exp after using it. Find here, an Active Directory manager
http://www.adsysnet.com/downloads.aspx
Thanks for this. Appreciate this work!