Bulk password reset using a CSV using a workflow

Hi,

We have a situation where we need to have techs submit a CSV file listing users and passwords that need to be reset. We currently have a single script in a workflow that does this, but since the script uses the service account and not the tech's account, they can reset passwords of users outside the OUs they have rights to. I was told we need to use workflows to correct this. Can you provide any guidance around this?

Thanks much

Tony

  • Hi,
    I am running the script inside of ARS; it is being kicked off by a workflow. I am using the $DomainOverrideCredentials.Get($userDN) and the set command using the -Credential. Below is the full section:

    $testuser = Get-QADUser $user.samaccountname -Service $user.domain
    $userDN = $testuser.DistinguishedName
    $credentials = $DomainOverrideCredentials.Get($userDN)
    Set-ADAccountPassword -Identity $user.samaccountname -Reset -NewPassword $newpass -Server $user.domain -Credential $credentials

    This whole section works for another forest. But I am erroring out on the below. 
    $testuser = Get-QADUser $user.samaccountname -Service $user.domain

    Since we have updates to multiple forests, I have included the "domain" in the CSV file.

  • I am with you but I am failing on getting the info for the -Credentials. 
    Can I hard code the info in this line - $credentials = $DomainOverrideCredentials.Get(DC=....)

  • Per my previous note, you need to add the -Credentials

  • OK I got that. I am sorry, please bear with me. My problem here is getting the credentials needed for the -credentials switch.

    I think I need to hard code the forest info that I am trying to get the credentials for. Would the below work? I have tried a couple of things with no luck.

    $UnTrustedDomainCreds = $DomainOverrideCredentials.Get("DC=xyz,DC=com")

    After I have the above I understand I need to add the -Credentials $UnTrustedDomainCreds to my other commands.

  • The easiest way to get the right credentials is to use the DN of the object that you are trying to process with the $DomainOverrideCredentials.Get method.

    It's smart enough to extract the domain name from the DN of your target object.

    So, for example:

    $UserDN = "CN=John Smith, OU=People,DC=MyDomain,DC=Com"

    $UnTrustedDomainCreds = $DomainOverrideCredentials.Get($UserDN)

    ...will obtain the creds for "DC=MyDomain, DC=Com"

    So there's no harm in doing this for each object you process in a loop.

    'Hope that makes sense

  • Hi, yeah that makes sense. The issue was I had only the same account now. I hardcoded an account for that domain so I am now getting past the credentials issue. Now I am getting "Unable to contact the server." even when I hard code the server that the ARS server is using under managed domains. When I manually change a user's password in that domain I have no issue.