Public/Set-MsolUserPassword.ps1

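function Set-MsolUserPassword {
    <#
    .SYNOPSIS
        Resets the password of one or more users and, by default, revokes
        their Azure AD refresh tokens.

    .DESCRIPTION
        For each user principal name the function looks the account up with
        Get-MsolUser, resets the password through the MSOnline cmdlet
        Set-MsolUserPassword and emits one object per user. When RevokeToken
        is true it then calls Revoke-AzureADUserAllRefreshToken for that user.

        This function has the same name as the MSOnline cmdlet it wraps.
        PowerShell resolves functions before cmdlets, so the inner call is
        module-qualified; an unqualified call would re-enter this function
        and recurse until the call depth limit is hit.

    .PARAMETER UserPrincipalName
        One or more user principal names. Accepts pipeline input by value and
        by property name.

    .PARAMETER RevokeToken
        When true (the default), revokes all refresh tokens of the user after
        the password has been reset.

    .PARAMETER ForceChangePassword
        Passed through to the MSOnline cmdlet. Defaults to true.

    .OUTPUTS
        PSCustomObject with UserPrincipalName, DisplayName, NewPassword and
        PreviousLastPasswordChangeTimeStamp.

    .NOTES
        NewPassword is the value returned by the MSOnline cmdlet and is
        emitted in clear text. Keep the output out of transcripts, log files
        and ticket systems, and hand it to the user over a separate channel.
        An active session to both MSOnline and AzureAD is required; this
        function does not verify it.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true)]
        [string[]]$UserPrincipalName,
        [boolean]$RevokeToken = $true,
        [boolean]$ForceChangePassword = $true
    )

    begin {
        # TODO: check for connectivity to MSOL and AzureAD before processing.
    }

    process {
        foreach ($user in $UserPrincipalName) {
            try {
                $msolUser = Get-MsolUser -UserPrincipalName $user -ErrorAction Stop
            }
            catch {
                # Any lookup failure lands here, not only a missing account
                # (a missing MSOnline session is reported the same way).
                Write-Error -Message "User not found. User: $user"
                continue
            }

            Write-Verbose -Message "Setting password for $user"
            # Module-qualified on purpose: the bare name resolves to this
            # function (functions take precedence over cmdlets) and recurses.
            $newPassword = MSOnline\Set-MsolUserPassword -UserPrincipalName $user -ForceChangePassword $ForceChangePassword

            # Emitted before the revocation step so the new credential is not
            # lost if revoking the tokens fails. Never write NewPassword to
            # the verbose or error streams.
            [PSCustomObject]@{
                UserPrincipalName                   = $user
                DisplayName                         = $msolUser.DisplayName
                NewPassword                         = $newPassword
                PreviousLastPasswordChangeTimeStamp = $msolUser.LastPasswordChangeTimestamp
            }

            if ($RevokeToken) {
                # Without this, refresh tokens issued before the reset are
                # not revoked by this function.
                Write-Verbose -Message "Initiating user log out. User: $user"
                Revoke-AzureADUserAllRefreshToken -ObjectId $msolUser.ObjectId
            }
        }
    }

    end {
    }
}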