ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    AD User Tool: Bulk AD User

    Scheduled Pinned Locked Moved IT Discussion
    server 2012 r2securityadactive directory domaindomainactive directorypassword resetpassword
    15 Posts 8 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403 @gjacobse
      last edited by

      @gjacobse said in AD User Tool: Bulk AD User:

      @DustinB3403 said in AD User Tool: Bulk AD User:

      I'd use powershell . . .

      https://gallery.technet.microsoft.com/scriptcenter/Reset-password-for-all-412fbc72#content

      You did see the part where I don't PS.... right?

      Of course I did, but everything is written out on that site. It'd be super simple to do this.

      1 Reply Last reply Reply Quote 1
      • gjacobseG
        gjacobse
        last edited by

        For those that PS here is what I think I need to do for the actual reset command. I have two OUs

        Set-OSCADAccountPassword -OrganizationUnti "NYusers" "VAusers" -Password "somepasswordhardstring" -CSVPath "c:\report\result.csv"
        
        1 Reply Last reply Reply Quote 2
        • coliverC
          coliver
          last edited by

          Let me get to a computer. This is a two line ps script that can be knocked out in a few minutes. If you're doing Windows administration you really should be learning powershell. Nothing else really grants you the same... Power as it does for Windows.

          1 Reply Last reply Reply Quote 1
          • Deleted74295D
            Deleted74295 Banned @gjacobse
            last edited by

            @gjacobse said

            Other than a PS script - which I don't PS,

            Then you are 10 years behind everyone else.

            1.0 came out November 2006. - With additional versions MS and many vendors have been encouraging its usage. Its such a powerful tool, even if you just learn the basic cmds so you can understand what -get does, you can look up commands online.

            1 Reply Last reply Reply Quote 0
            • dbeatoD
              dbeato
              last edited by

              Well, I am assuming you have setup a password expiration policy? If so, it will be as easy as selecting all the users in AD through RSAT and make sure their password never expires check box is not checked. They should be prompted to chnage the next time they try to login on the computers.

              DashrenderD 1 Reply Last reply Reply Quote 0
              • J
                joelbarlow40
                last edited by

                You can try the following command

                Specify the OU

                $OU = [ADSI]"LDAP://ou=West,dc=MyDomain,dc=com"

                Enumerate all objects in the OU.

                $arrChildren = $OU.Get_Children()
                ForEach ($User In $arrChildren)
                {
                # Only consider user objects.
                If ($User.Class -eq "user")
                {
                # Set password.
                $User.Invoke("SetPassword", "pAs$w0rd")
                # Expire the password.
                $User.pwdLastSet = 0
                $User.SetInfo()
                }
                }

                Also, you can check the following link for more details.

                https://technet.microsoft.com/en-us/library/ee617195.aspx

                1 Reply Last reply Reply Quote 1
                • DashrenderD
                  Dashrender @dbeato
                  last edited by

                  @dbeato said in AD User Tool: Bulk AD User:

                  Well, I am assuming you have setup a password expiration policy? If so, it will be as easy as selecting all the users in AD through RSAT and make sure their password never expires check box is not checked. They should be prompted to chnage the next time they try to login on the computers.

                  Why is this an assumption? Frequent forced password changes actually defeat security more often than help it. I suppose you could have a yearly change requirement, but is that even needed if you are using otherwise good passwords?

                  NIST recently rewrote their password recommendations getting rid of the change suggestion and password complexity components. Sadly I don't think they recommended long enough passwords - 8 characters.
                  http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf

                  dbeatoD 1 Reply Last reply Reply Quote 0
                  • J
                    JackCPickup
                    last edited by

                    Any reason you can't bulk select in AD and tick the option to force change on next logon? Are there just that many different OUs that it'd take ages?

                    1 Reply Last reply Reply Quote 0
                    • dbeatoD
                      dbeato @Dashrender
                      last edited by

                      @Dashrender If there is no password expiration policy unchecking the password never expires will not have much effect as far as I remember. I usually setup a password change GPO based on HIPAA guidelines.

                      DashrenderD 1 Reply Last reply Reply Quote 0
                      • DashrenderD
                        Dashrender @dbeato
                        last edited by

                        @dbeato said in AD User Tool: Bulk AD User:

                        @Dashrender If there is no password expiration policy unchecking the password never expires will not have much effect as far as I remember. I usually setup a password change GPO based on HIPAA guidelines.

                        Sure, but so what? He wants to force a change now.

                        dbeatoD 1 Reply Last reply Reply Quote 0
                        • dbeatoD
                          dbeato @Dashrender
                          last edited by

                          @Dashrender Then, he needs to force it with Powershell no just a GUI....

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @dbeato
                            last edited by

                            @dbeato said in AD User Tool: Bulk AD User:

                            @Dashrender Then, he needs to force it with Powershell no just a GUI....

                            Agreed.

                            1 Reply Last reply Reply Quote 0
                            • 1 / 1
                            • First post
                              Last post