Basic AD Admin Console

To start off, I have 0 powershell experience. In fact I don’t have much programming experience in general. That being said, here’s what I’m looking for:

The basic idea is to be able to unlock or reset passwords for an entire OU at once. The commands themselves to unlock, enable, and password reset work- as I already use these now. However I’m trying to build them into a simple admin console. Here’s what I put together over the past hour with a little googling…

Import-Module activedirectory

cd /

$loop = 0
while ($loop eq 0)
$action = Read-Host -Prompt ‘Choose an option:
1-Unlock Accounts
2-Enable Accounts
3-Reset Passwords’

if ($action eq ‘1’)
$ou = read-host -Prompt ‘Enter OU Name’
get-aduser -filter ‘name -like “*”’ -searchbase “ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com” | Unlock-ADAccount

if ($action eq ‘2’)
$ou = read-host -Prompt ‘Enter OU Name’
get-aduser -filter ‘name -like “*”’ -searchbase “ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com” | Enable-ADAccount

if ($action eq ‘3’)
$ou = read-host -Prompt ‘Enter OU Name’
$pwd = Read-Host “Enter desired password:” -AsSecureString
$change = read-host "Force password change at logon? [y] [n]}
if ($change eq ‘y’)
{get-aduser -filter ‘name -like “"’ -searchbase “ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com” | Set-ADAccountPassword NewPassword $pwd -Reset -PassThru -change passwordatnextlogon $true Unlock-ADAccount}
if ($change eq ‘n’)
{get-aduser -filter 'name -like "
”’ -searchbase “ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com” | Set-ADAccountPassword NewPassword $pwd -Reset -PassThru Unlock-ADAccount}

Upon completion, I would like it to just start over with the choose an option prompt.

I know this script is butchered to hell and probably extremely inefficient, if at all correct. Partially attempting this just to learn. Any help is greatly appreciated!


Since I don’t see where you set your variable $loop to anything but 0, the While loop you have should continue to loop until $loop is set to something other than 0. Does it loop continuous for you?

You’ll want to put a - in-front of your eq operator, otherwise it’ll complain about that, example:

if ($action -eq '1')

Error handling, what if a user accidentally enters anything other than 1, 2, or 3? Right now, the script won’t do anything other than a clear screen, and just continuously loop. What if I selected Option 3 and hit anything other than a ‘y’ or ‘n’? Just a few things to think about on handling a mis-type.

You’ll want to have some sort of exit from the loop, by changing $loop to something other that 0. Maybe ‘E-Exit’ and have a corresponding IF statement to handle the exit…?

I would suggest moving the

if ($change -eq ‘y’)
if ($change -eq ‘n’)
under the If for Option 3, something like:

	if ($action -eq '3')
		$ou = read-host -Prompt 'Enter OU Name'
		$pwd = Read-Host "Enter desired password:" -AsSecureString
		$change = read-host "Force password change at logon? [y] [n]

		if ($change -eq 'y')
			get-aduser -filter 'name -like "*"' -searchbase "ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com" | Set-ADAccountPassword -NewPassword $pwd -Reset -PassThru -change passwordatnextlogon $true | Unlock-ADAccount
		if ($change -eq 'n')
			get-aduser -filter 'name -like "*"' -searchbase "ou=$ou,ou=internal,ou=users,ou=cie,dc=core,dc=com" | Set-ADAccountPassword -NewPassword $pwd -Reset -PassThru | Unlock-ADAccount

Also don’t forget the - in-front of NewPassword, which I added in the code above. I also think you’re missing the | before

for the change [y] [n] part.