Ok. Bad Pun.  I’ll pay for that later.

This seems obvious and it really isn’t difficult.  But like a lot of new people, I found if Powershell did something IMMEDIATE to make my job easier?  I tend to use it more.

How about resetting Active Directory passwords?  As a bonus forcing that password to be reset when the user log’s in?

It’s a simple task in Powershell but it should be shared.  As always I use the Quest Active Roles Management Shell.   It also doesn’t care if you’re running Powershell V1 or V2.

———- Reset password —————–

$alias=READ-HOST ‘UserID to Reset’
$password=READ-HOST ‘Temporary Password’ -assecurestring

SET-QADUSER $alias -password $password -userMustChangePassword $TRUE

———- Reset password —————-

So it’s really simple.  Now if you DON’T want to force the user to change their password at next logon?  Change the $TRUE to read $FALSE

But to really make it useful, I want it permanently in my shell environment.  There are just certain things I prefer at my finger tips ALL the time.  So made this into a simple function and added it directly to my profile.

In Powershell, the path to YOUR Powershell profile is in $PROFILE.  I prefer using NOTEPAD to edit mine. Just type in


To make this as a function useful all the time add these lines near the top or bottom of your profile

function global:ResetPW ( $Alias, $tempPassword ) {

$password=convertto-securestring -asplaintext -force $temppassword
SET-QADUSER $alias -password $password -userMustChangePassword $TRUE

Now what you can do (the next you load Powershell is type

resetpw username password

Where username is the name of the user you are resetting and password is the temporary (or new) permanent password.   If you have password complexity rules it will of course have to abide by them.

Enjoy Powershell and save time!

The Energized Tech