Active Directory - Search User, Unlock Account, Reset Pass, Require New Pass

Hello there,

I am very new to PowerShell and I am working on utilizing it in my new job.
I am most familiar with C# but haven’t programmed anything in it in quite some time.

I am trying to create a PowerShell script that will do (at least) the following:

  • Ask for AD Username.
  • Search AD for that username and display error message if not found.
  • Display the searched user’s AD info (to verify I have selected the correct user).
  • Reset the user’s password to a password I have generated.
  • Check to make sure the password I set meets the requirements set in AD.
  • Unlock the user’s account (if locked).
  • Require that the user create a new password at the next login.

I have been working on this on-and-off this week and this is one of the scripts I am working with currently:

### ADSearchANDPassReset.ps1

Set-Location C:
Push-Location C:

### Get AD Username as Input.
$ADName = Read-Host -Prompt 'Enter username to EDIT'

### Display user found message.
Write-Host "The user "$ADName "has been found!"

### Get New Password as input.
$NewPass = Read-Host "Enter NEW Password" -AsSecureString

### Reset AD User's password with New Password.

Set-ADAccountPassword $ADName -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "$NewPass" -Force -Verbose) -PassThru

Read-Host -Prompt "Press Enter to exit"

Here are the Problems I have with my script so far:
(And things I’ll need help on)

  • No error-checking for searching for $ADName. (Always says “has been found”)
  • I am able to enter any password I want (even if it doesn’t meet the requirements set by AD).
    (the password doesn’t get set to this but I don’t get an error message either).
  • Not sure how to check for a locked account and unlock it.
  • No success/error message after resetting password.

Those are the features I would like and the issues I can think of right now.
If anyone has any helpful info or tips on how I can go about achieving these things, I would love to hear them!
I have also been messing around with Import-Module ActiveDirectory and setting the location to AD: so maybe that is the direction I need to move in? I’m really not sure.

Thanks for taking the time to read this and I look forward to being a part of this forum and community!
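One way to put the listed steps together in a single script, as an added example that is not the poster's script: it uses Get-ADUser, Set-ADAccountPassword, Unlock-ADAccount and Set-ADUser from the ActiveDirectory module, keeps the new password as a SecureString end to end, and relies on the domain controller to enforce the password policy (Set-ADAccountPassword raises an error when the policy is not met, so the script catches that instead of trying to re-implement the rules client-side). The function names, the confirmation prompt and the assumption that the script runs under an account delegated "Reset password" and "Unlock account" rights on the target OU are mine.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the poster's script. Assumes the caller has delegated
# reset-password / unlock rights on the target users. Function names are mine.

function Find-TargetUser {
    param([Parameter(Mandatory)][string]$SamAccountName)
    try {
        # -Identity throws when nothing matches; -ErrorAction Stop makes that catchable.
        return Get-ADUser -Identity $SamAccountName -ErrorAction Stop `
            -Properties DisplayName, Department, LockedOut, Enabled, PasswordLastSet, PasswordExpired
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        Write-Warning "No AD user with sAMAccountName '$SamAccountName' was found."
        return $null
    }
    catch {
        Write-Warning "Lookup failed: $($_.Exception.Message)"
        return $null
    }
}

function Show-PasswordPolicy {
    param([Parameter(Mandatory)]$User)
    # A fine-grained policy (PSO) wins over the domain default if one applies to the user.
    $policy = Get-ADUserResultantPasswordPolicy -Identity $User -ErrorAction SilentlyContinue
    if (-not $policy) { $policy = Get-ADDefaultDomainPasswordPolicy }
    Write-Host ("Policy in effect: min length {0}, complexity {1}, history {2}" -f
        $policy.MinPasswordLength, $policy.ComplexityEnabled, $policy.PasswordHistoryCount)
}

function Reset-UserPassword {
    param(
        [Parameter(Mandatory)]$User,
        [Parameter(Mandatory)][System.Security.SecureString]$NewPassword
    )
    try {
        # -NewPassword already takes a SecureString, so never round-trip it through plain text.
        # The DC enforces length/complexity/history and returns an error if the value is rejected.
        Set-ADAccountPassword -Identity $User -Reset -NewPassword $NewPassword -ErrorAction Stop
        return $true
    }
    catch {
        Write-Warning "Password reset failed: $($_.Exception.Message)"
        return $false
    }
}

# --- interactive flow -------------------------------------------------------
$name = Read-Host -Prompt 'Enter username to EDIT'
$user = Find-TargetUser -SamAccountName $name
if (-not $user) { return }

# Show the record so the operator can confirm the right account before touching it.
$user | Format-List SamAccountName, DisplayName, Department, Enabled, LockedOut,
                    PasswordLastSet, PasswordExpired, DistinguishedName
$confirm = Read-Host -Prompt 'Is this the correct user? (y/N)'
if ($confirm -ne 'y') { Write-Host 'Aborted, no changes made.'; return }

Show-PasswordPolicy -User $user
$newPassword = Read-Host -Prompt 'Enter NEW password' -AsSecureString
if (-not (Reset-UserPassword -User $user -NewPassword $newPassword)) { return }
Write-Host "Password reset for $($user.SamAccountName) succeeded."

if ($user.LockedOut) {
    Unlock-ADAccount -Identity $user -ErrorAction Stop
    Write-Host 'Account was locked out and has been unlocked.'
}

# Force a change at next logon; this fails if "password never expires" is set on the account.
Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
Write-Host 'User must change the password at next logon.'

# Re-read the account so the final state shown is what AD actually stored.
Get-ADUser -Identity $user.SamAccountName -Properties LockedOut, PasswordLastSet, PasswordExpired |
    Format-List SamAccountName, LockedOut, PasswordLastSet, PasswordExpired
```

Two points worth knowing when running something like this: `-ChangePasswordAtLogon $true` is rejected for accounts that have "password never expires" set, so check that flag first if the script is used on service-style accounts; and a reset done this way is a privileged operation that the domain controller records (event ID 4724 for the reset, 4767 for the unlock), which is what the security team will use to audit who reset whose password, so run it from a named admin account rather than a shared one.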

Welcome to the forum. :wave:t4:

You may start with limiting the questions to one at a time. :wink: And I’d like to recommend the same for your script. Focus on a particular part and make it run as expected before you start doing the next.

Since PowerShell version 3.0 you do not need to import modules explicitly anymore. If the module is installed properly it will be loaded automatically when needed. You could add a #Requires -Modules ActiveDirectory to the top of your script, though, to prevent it from running if the module is not available on the computer where the script runs.

You can read more about it here: