In my test labs, some of the more specialized testing labs (perf, specifically) have one-way trust with the larger test domain. This means I can set (or, in the case of some coworkers, reset) credentials when they don't log into the smaller domain frequently enough. You can do it via dsa.msc by connecting it to the domain that trusts the current domain, but it's also something that happens often enough that I may as well script it.
function Set-AdForestPassword
{
    param (
        [string[]]$Domain = @($env:UserDnsDomain.ToLower()),
        [string[]]$Username = @($env:UserName)
    );
    begin
    {
        # Load the ActiveDirectory module only if Get-AdUser is not already available.
        if (!(Get-Command Get-AdUser -ErrorAction SilentlyContinue)) { Import-Module ActiveDirectory; }
    } # begin
    process
    {
        foreach ($myDomain in $Domain)
        {
            foreach ($myUser in $Username)
            {
                Write-Progress "Getting DN" "$myDomain\$myUser";
                if ($dn = (Get-AdUser -Identity $myUser -Server $myDomain -ErrorAction SilentlyContinue).DistinguishedName)
                {
                    $secureString = Read-Host -AsSecureString -Prompt "Enter password for $myDomain\$myUser";
                    if ($secureString -and $secureString.Length -gt 0)
                    {
                        # ADSI SetPassword takes a plain string, so the SecureString is unwrapped here.
                        $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureString);
                        try
                        {
                            $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr);
                            Write-Progress "Updating password" "$myDomain\$myUser";
                            $myDn = "LDAP://$dn";
                            $user = [ADSI]$myDn;
                            $user.PsBase.Invoke("SetPassword", $password);
                            $user.PsBase.CommitChanges();
                        }
                        finally
                        {
                            # Zero and release the unmanaged plaintext copy, and drop the managed reference.
                            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr);
                            $password = $null;
                        }
                    } # if ($secureString ...)
                    else
                    {
                        Write-Warning "No password entered for $myDomain\$myUser. Skipping.";
                    } # if ($secureString ...) ... else
                } # if ($dn = (Get-AdUser...
                else
                {
                    Write-Warning "Cannot get DN for $myDomain\$myUser. Skipping.";
                } # if ($dn = (Get-AdUser... else
            } # foreach ($myUser in $Username)
        } # foreach ($myDomain in $Domain)
    } # process
} # function Set-AdForestPassword
By default, it will reset the account in the current domain, but the -Domain parameter allows me to set the credentials for someone in our perf lab.
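The script above has to unwrap the SecureString because ADSI's SetPassword takes a plain string. As an added example (not the author's code), the same reset can be done with the ActiveDirectory module's Set-ADAccountPassword, which accepts the SecureString directly, so no plaintext copy is created in the script. The function name Reset-AdTrustedDomainPassword is hypothetical, and the example assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example; Reset-AdTrustedDomainPassword is a hypothetical name.
function Reset-AdTrustedDomainPassword
{
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [string[]]$Domain = @($env:UserDnsDomain.ToLower()),
        [string[]]$Username = @($env:UserName)
    )
    begin
    {
        Import-Module ActiveDirectory -ErrorAction Stop
    }
    process
    {
        foreach ($myDomain in $Domain)
        {
            foreach ($myUser in $Username)
            {
                try
                {
                    # Resolve the account against a DC in the target domain.
                    $account = Get-ADUser -Identity $myUser -Server $myDomain -ErrorAction Stop
                }
                catch
                {
                    Write-Warning "Cannot find $myDomain\$myUser. Skipping. $($_.Exception.Message)"
                    continue
                }
                $secureString = Read-Host -AsSecureString -Prompt "Enter password for $myDomain\$myUser"
                if (-not $secureString -or $secureString.Length -eq 0)
                {
                    Write-Warning "No password entered for $myDomain\$myUser. Skipping."
                    continue
                }
                try
                {
                    # -WhatIf / -Confirm on this function gate the actual reset.
                    if ($PSCmdlet.ShouldProcess("$myDomain\$myUser", 'Reset password'))
                    {
                        # The SecureString is passed through as-is; it is never converted to a plain string here.
                        Set-ADAccountPassword -Identity $account -Server $myDomain -Reset -NewPassword $secureString -ErrorAction Stop
                    }
                }
                catch { Write-Warning "Reset failed for $myDomain\$myUser. $($_.Exception.Message)" }
                finally { $secureString.Dispose() }
            }
        }
    }
}
```

Running it with -WhatIf still prompts for each password but reports which accounts would be reset without changing them.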