-
Notifications
You must be signed in to change notification settings - Fork 5
/
Reset-ADPasswordExpiration.ps1
83 lines (69 loc) · 2.86 KB
/
Reset-ADPasswordExpiration.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
function Reset-ADPasswordExpiration {
<#
.SYNOPSIS
Resets AD Password Expiration by changing date of pwdlastset to now.
.DESCRIPTION
Resets AD Password Expiration by changing date of pwdlastset to now.
.NOTES
Script by Daniel Wood (https://github.com/danielewood).
Code is licened under Unlicense / CCZero / WTFPL / Public Domain.
.LINK
https://github.com/danielewood/misc/tree/master/powershell
.EXAMPLE
Reset-ADPasswordExpiration -SamAccountName dwood -Verbose
VERBOSE: $Identity = dwood
VERBOSE: Changed pwdlastset from 131615616553652266 to Now
VERBOSE: Changed pwdlastsetDate from 1/27/2018 21:20:55 to Now
DistinguishedName : CN=Daniel Wood,OU=Users,DC=contoso,DC=com
SamAccountName : dwood
pwdlastset : 131753201776369314
pwdlastsetDate : 7/6/2018 3:09:37 AM
OLDpwdlastset : 131615616553652266
OLDpwdlastsetDate : 1/27/2018 9:20:55 PM
.EXAMPLE
Get-ADUser -Filter {samaccountname -like 'dwoo*'} | Reset-ADPasswordExpiration
DistinguishedName : CN=Daniel Wood,OU=Users,DC=contoso,DC=com
SamAccountName : dwood
pwdlastset : 131753201776369314
pwdlastsetDate : 7/6/2018 3:09:37 AM
OLDpwdlastset : 131615616553652266
OLDpwdlastsetDate : 1/27/2018 9:20:55 PM
DistinguishedName : CN=David Woodard,OU=Users,DC=contoso,DC=com
SamAccountName : dwoodard
pwdlastset : 131753201776369314
pwdlastsetDate : 7/6/2018 3:09:37 AM
OLDpwdlastset : 131649253057717289
OLDpwdlastsetDate : 3/7/2018 7:41:45 PM
#>
[CmdletBinding()]
param (
[Parameter(
Mandatory=$True,
ValueFromPipeline=$True,
HelpMessage="SamAccountName or DistinguishedName")]
[alias("SamAccountName","DistinguishedName")]
[string[]] $Identity,
[Parameter(Mandatory=$False)]
[switch] $WhatIf
) # end param
begin {}
process {
$User = Get-ADUser -Identity "$Identity" -properties pwdlastset
$Oldpwdlastset = $User.pwdlastset
Write-Verbose "`$Identity = $Identity"
Write-Debug "`$User = $User"
Write-Debug "`$Oldpwdlastset = $Oldpwdlastset"
$User.pwdlastset = 0
Set-ADUser -Instance $User -WhatIf:($WhatIf)
$User.pwdlastset = -1
Set-ADUser -instance $User -WhatIf:($WhatIf)
Write-Verbose "Changed pwdlastset from $Oldpwdlastset to Now"
Write-Verbose "Changed pwdlastsetDate from $([datetime]::FromFileTimeUTC($Oldpwdlastset)) to Now"
Get-ADUser -Identity "$Identity" -properties pwdlastset |
Select DistinguishedName, SamAccountName, pwdlastset,
@{ Label=”pwdlastsetDate”; Expression={[datetime]::FromFileTimeUTC($_.pwdlastset)} },
@{ Label=”OLDpwdlastset”; Expression={$Oldpwdlastset} },
@{ Label=”OLDpwdlastsetDate”; Expression={[datetime]::FromFileTimeUTC($Oldpwdlastset)} }
} # end process
end {}
} # end function