Script Repository


Reset user password in resource domain

February 23, 2021

The script resets a user's password in the resource domain after it is changed or reset in the primary domain. To use the script, create a business rule in the primary domain that triggers After changing password of a user or After resetting password of a user.

For the script to work, the user must have the same username (LDAP name sAMAccountName) or Full Name (LDAP name cn) in both domains.

Parameter:

  • $domainDN - Specifies the distinguished name (DN) of the resource domain.
PowerShell
$domainDN = "DC=domain,DC=com" # TODO: modify me

# Search user account in the resource domain
try
{
    $searcher = $Context.BindToObjectByDN($domainDN)
    $searcher.SearchFilter = "(&(sAMAccountType=805306368)(|(sAMAccountName=%username%)(cn=%fullname%)))"
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SizeLimit = 2
    
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    
    if ($searchResults.Length -eq 0)
    {
        $Context.LogMessage("Cannot reset password of the user account in the secondary domain because the user doesn't have an account in the secondary domain.", "Warning")
        return
    }
    elseif ($searchResults.Length -gt 1)
    {
        $Context.LogMessage("Found more than one account for the user in the secondary domain", "Warning")
        return
    }
    
    # Set the password
    $user = $Context.BindToObject($searchResults[0].AdsPath)
    $user.SetPassword("%unicodePwd%")
}
finally
{
    # Release resources (the iterator is null if binding or the search itself failed)
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}
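
The search filter above is assembled from the user's sAMAccountName and cn. The following added example, which is not part of the original script, applies RFC 4515 escaping to those two values so that a name such as John Smith (Contractor) is matched literally instead of changing the structure of the filter. The function names and the sample values are assumptions made for illustration.

```powershell
# Added example: RFC 4515 escaping for values placed in an LDAP search filter.
# ConvertTo-LdapFilterValue and New-AccountMatchFilter are hypothetical helper names.

function ConvertTo-LdapFilterValue
{
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)

    $builder = New-Object System.Text.StringBuilder
    foreach ($char in $Value.ToCharArray())
    {
        # Characters with special meaning in a filter are replaced by \XX (hex code)
        switch ([int]$char)
        {
            0x5c    { [void]$builder.Append('\5c') }  # backslash
            0x2a    { [void]$builder.Append('\2a') }  # asterisk (wildcard)
            0x28    { [void]$builder.Append('\28') }  # opening parenthesis
            0x29    { [void]$builder.Append('\29') }  # closing parenthesis
            0x00    { [void]$builder.Append('\00') }  # NUL
            default { [void]$builder.Append($char) }
        }
    }
    return $builder.ToString()
}

function New-AccountMatchFilter
{
    param([string]$UserName, [string]$FullName)

    $escapedUserName = ConvertTo-LdapFilterValue -Value $UserName
    $escapedFullName = ConvertTo-LdapFilterValue -Value $FullName

    # Same filter shape as in the script: a user account matched by username or full name
    return "(&(sAMAccountType=805306368)(|(sAMAccountName=$escapedUserName)(cn=$escapedFullName)))"
}

# Constructed sample values
$samples = @(
    @{ UserName = 'jsmith'; FullName = 'John Smith (Contractor)' },
    @{ UserName = 'a*';     FullName = 'Back\slash' }
)
foreach ($sample in $samples)
{
    New-AccountMatchFilter -UserName $sample.UserName -FullName $sample.FullName
}
```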
