Script Repository

Reset user password in resource domain

February 23, 2021

The script resets a user password in the resource domain after it is changed or reset in the primary domain. To use the script, create a business rule triggering After changing password of a user or After resetting password of a user in the primary domain.

For the script to work, the user's account in the resource domain must have the same username (LDAP name sAMAccountName) or Full Name (LDAP name cn) as the account in the primary domain.


  • $domainDN - Specifies the distinguished name (DN) of the resource domain.
$domainDN = "DC=domain,DC=com" # TODO: modify me

# Search user account in the resource domain
try
{
    $searcher = $Context.BindToObjectByDN($domainDN)
    $searcher.SearchFilter = "(&(sAMAccountType=805306368)(|(sAMAccountName=%username%)(cn=%fullname%)))"
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SizeLimit = 2 # Two results are enough to detect an ambiguous match
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    if ($searchResults.Length -eq 0)
    {
        $Context.LogMessage("Cannot reset password of the user account in the secondary domain because the user doesn't have an account in the secondary domain.", "Warning")
        return
    }
    elseif ($searchResults.Length -gt 1)
    {
        $Context.LogMessage("Found more than one account for the user in the secondary domain", "Warning")
        return
    }

    # Set the password (%unicodePwd% is the new password from the triggering operation)
    $user = $Context.BindToObject($searchResults[0].AdsPath)
    $user.SetPassword("%unicodePwd%")
}
finally
{
    # Release resources
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}
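
The search filter in the script places %username% and %fullname% directly inside an LDAP filter. The following added example (not part of the original script) shows RFC 4515 escaping of such values before they go into the same filter, assuming they are inserted as-is; the function names and the sample values are hypothetical and constructed for illustration.

```powershell
# Added example: escape values before placing them in the script's LDAP filter.
# Function names and sample values are hypothetical, not part of the original script.

function ConvertTo-LdapFilterValue
{
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$Value
    )

    # RFC 4515: backslash, asterisk, parentheses and NUL must be written
    # as a backslash followed by the two-digit hex code of the character.
    return [regex]::Replace($Value, '[\\*()\x00]', {
        param($match)
        '\{0:x2}' -f [int][char]$match.Value
    })
}

function New-ResourceAccountFilter
{
    param(
        [Parameter(Mandatory = $true)][string]$UserName,
        [Parameter(Mandatory = $true)][string]$FullName
    )

    $safeUserName = ConvertTo-LdapFilterValue -Value $UserName
    $safeFullName = ConvertTo-LdapFilterValue -Value $FullName

    # Same filter as in the script: user accounts (sAMAccountType=805306368)
    # matching either the username or the Full Name.
    return "(&(sAMAccountType=805306368)(|(sAMAccountName=$safeUserName)(cn=$safeFullName)))"
}

# Constructed sample values. Unescaped, the parentheses in the Full Name would
# close the cn clause early and the trailing asterisk would act as a wildcard.
$sampleUserName = 'jdoe'
$sampleFullName = 'Doe, John (Contractor)*'

New-ResourceAccountFilter -UserName $sampleUserName -FullName $sampleFullName
```

The script's SizeLimit of 2 and its "more than one account" check already stop a password reset when the match is ambiguous; escaping additionally keeps the filter well-formed for names that contain these characters.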
