TechToolbox

0.5.15

en-US/about_Reset-ADPassword.help.txt

                                about_Reset-ADPassword

---------------------

SHORT DESCRIPTION

    Resets an Active Directory user's password using TechToolbox's private

    password generator and returns a summary object.

LONG DESCRIPTION

    Reset-ADPassword generates a new password (using the configurable

    Get-NewPassword helper), applies it to the specified AD account, and

    optionally unlocks the account, forces a password change at next logon,

    and delivers the plaintext password via console output, file, or clipboard.

    Password generation style defaults to 'Readable' but can be set to

    'Random' or 'Passphrase'. Configuration values for length, separator,

    and other options are read from $script:cfg at runtime.

PARAMETERS

    -Identity

        The AD user identity (sAMAccountName, UPN, or DN). Required.

    -ChangePasswordAtLogon

        Sets "User must change password at next logon". Default is $true.

        Use -ChangePasswordAtLogon:$false to leave the existing setting intact.

    -Unlock

        Unlocks the account after resetting the password.

    -Style

        Controls how the password is generated. Valid values are 'Random',

        'Readable', and 'Passphrase'. Default is 'Readable'.

    -OutFile

        Path to a file where the plaintext password will be written. The

        parent directory is created automatically if it does not exist.

    -Clipboard

        Copies the plaintext password to the Windows clipboard. Only supported

        on Windows systems.

    -Credential

        (Reserved) Credential parameter to satisfy TechToolbox module interface.

        Currently passed through to AD cmdlets but otherwise unused inside this

        function.

    -WhatIf

        Shows what would happen if the cmdlet runs. Does not reset the password.

    -Confirm

        Prompts for confirmation before resetting the password.

OUTPUTS

    [pscustomobject]

    A custom object containing:

    - SamAccountName

    - DistinguishedName

    - ChangePasswordAtLogon (bool)

    - Unlocked (bool)

    - PasswordDelivery (string: comma-delimited list of 'Console', 'File', 'Clipboard')

    - Timestamp

EXAMPLES

    Example 1

        Reset-ADPassword -Identity jdoe -ChangePasswordAtLogon -Clipboard

        Resets the password for user jdoe, forces a change at next logon, and

        copies the new password to the clipboard.

    Example 2

        Reset-ADPassword -Identity jdoe -Unlock -OutFile C:\temp\jdoe_password.txt

        Resets the password, unlocks the account if locked out, and writes the

        plaintext password to a file.

    Example 3

        Reset-ADPassword -Identity jdoe -ChangePasswordAtLogon:$false

        Resets the password but does not force the user to change it at next logon.

NOTES

    Logging is performed via Write-Log with levels Info, Warn, Error, and Ok.

    The function requires the ActiveDirectory PowerShell module. If unavailable,

    an error is thrown suggesting RSAT or AD tools installation.

SEE ALSO

    Get-NewPassword, Set-ADAccountPassword, Unlock-ADAccount, Set-ADUser, Write-Log, Initialize-TechToolboxRuntime

KEYWORDS

    Reset-ADPassword, password reset, Active Directory, AD password, unlock account, ChangePasswordAtLogon, Get-NewPassword, TechToolbox