How to Bulk Password Reset Using PowerShell in O365 Business And Send to Individual Email - Untold.IT


Monday, February 4, 2019

How to Bulk Password Reset Using PowerShell in O365 Business And Send to Individual Email


Managing users' passwords in O365 can be a great headache when you want to send each user's initial password to that user's individual email address, because the default O365 bulk password reset sends the initial passwords for all users to a single email address only. However, with the help of PowerShell and some brilliant scripting, we now have the ability to reset the passwords and email each one to its user in just a few steps.


Requirements:


  • O365 Global Admin Account
  • PowerShell ISE for Windows
  • CSV File


Procedure:

  1. Connect to O365 using PowerShell
  2. Run PowerShell ISE as Administrator and copy the script below. (Credits to Sidath Liyanage for this brilliant script)
#############################################################################
#       Author: Sidath U Liyanage
#       Date: 14/01/2019
#       Status: Bulk change user password
#       Update: Initial functionality.
#       Description: Bulk change password for a given list of users.
#       Note!: Update the "PasswordChangeList.csv" before running the script.
#############################################################################
###########################Define Variables##################################

$FilePath = "C:\Users\<User Profile>\Desktop" #<< Path for the CSV file
$adminAcc = 'admin@<tenant name>.onmicrosoft.com' #<< Admin account credentials

$FromAddress = 'admin@<tenant name>.onmicrosoft.com' #<< Mail from address
$MailSubject = "Login to your new office 365 account [Do not reply]"
$MailSignature = "O365 admin"
$SmtpPServer = 'smtp.office365.com'
$SmtpPort = '587'

#############################################################################
Write-Warning "Have you updated the variables and PasswordChangeList.csv file? (if not close this window and do it first)"
pause

#Install the AzureADPreview module if it is not installed (-ListAvailable checks installed modules, not only those already loaded)
If ($null -eq (Get-Module -ListAvailable -Name AzureADPreview)) {
    Write-Warning "Installing module AzureADPreview.. [Note: To install this module you must run this script with admin privileges]"
    Install-Module AzureADPreview
    }

#Connect to O365 tenant
$cred = Get-Credential -credential $adminAcc
$o365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Connect-AzureAD -Credential $cred
Import-PSSession $o365Session

$ImprtLst = Import-Csv "$FilePath\PasswordChangeList.csv"

If ($adminAcc -ne $FromAddress) {
    $credMail = Get-Credential -credential $FromAddress
    }
Else {$credMail = $cred}


$ImprtLst | ForEach-Object {
    $Error.Clear()
    $CUPN = $_.UserPrincipalName
    $CPW = $_.Password
    $CDN = $_.DisplayName
    $CMail = $_.SendToMail
    $CPWS = ConvertTo-SecureString -String $CPW -AsPlainText -Force
    Write-Host "Resetting the password of: $CUPN" -ForegroundColor Magenta -BackgroundColor Black
    $CObjID = (Get-AzureADUser -Filter "UserPrincipalName eq '$CUPN'").objectID
    Set-AzureADUserPassword -ObjectId $CObjID -Password $CPWS -EnforceChangePasswordPolicy:$false
    #Error logging: append so that errors from earlier users are not overwritten
    If ($Error.Count -gt 0) {
        $Error | Out-File "$FilePath\ErrorLog.txt" -Append
        #Skip the mail for this user: the password in the CSV was not set
        return
        }

    #Generate message body
    $MsgBody = "Hi $CDN"
    $MsgBody += ",<br> <br> <p> Following are your new Office 365 Credentials. </p>"
    $MsgBody += "<br> <table border=0> <tr> <th> User Name </th> <th> Password </th> </tr>"
    $MsgBody += "<tr> <td> $CUPN </td> <td> $CPW </td> </tr> </table>"
    $MsgBody += "<br> <br> <p>Sincerely,<br> $MailSignature </p>"

    Write-Host "Sending the password to: $CMail"
    #-Port uses the $SmtpPort variable defined at the top of the script
    Send-MailMessage -From $FromAddress -To $CMail -Subject $MailSubject -Body $MsgBody -Priority High -SmtpServer $SmtpPServer -Port $SmtpPort -Credential $credMail -UseSsl -BodyAsHtml

    }

  3. Replace the following in the script:
            $FilePath <= The path of your CSV file
            $adminAcc <= Global Admin account
            $FromAddress <= The email address to be used for sending the initial password
            $ImprtLst = Import-Csv "$FilePath\PasswordChangeList.csv" <= Replace PasswordChangeList.csv with the name of your CSV file

  4. Your CSV file should look like this:



You can set your desired password in the Password field. However, it is recommended to generate a random password for each user.
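
One way to follow that recommendation, as an added example that is not part of the original script: it builds PasswordChangeList.csv with the four columns the reset script reads (UserPrincipalName, Password, DisplayName, SendToMail) and fills Password from the system CSPRNG. The helper names, the sample users and the output folder are assumptions.

```powershell
# Added example (not from the original script). Sample users are constructed.
$FilePath = $env:TEMP   # assumption: set this to the same folder as $FilePath in the reset script
$Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-RandomIndex([int]$Max) {
    # Uniform integer in [0, $Max) from the CSPRNG; rejection sampling avoids modulo bias
    $limit = 256 - (256 % $Max)
    $b = New-Object byte[] 1
    do { $Rng.GetBytes($b) } while ($b[0] -ge $limit)
    return $b[0] % $Max
}

function New-RandomPassword([int]$Length = 16) {
    # <, >, & and quotes are excluded because the reset script places the
    # password into the HTML mail body without encoding it
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#$%*+-=?@_'
    $all = -join $classes
    # One character from every class, then fill up from the combined alphabet
    $chars = @($classes | ForEach-Object { $_[(Get-RandomIndex $_.Length)] })
    while ($chars.Count -lt $Length) { $chars += $all[(Get-RandomIndex $all.Length)] }
    # Fisher-Yates shuffle so the guaranteed characters do not always come first
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = Get-RandomIndex ($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    return (-join $chars)
}

# Constructed sample users; replace with your own list
$users = @'
UserPrincipalName,DisplayName,SendToMail
alice@example.onmicrosoft.com,Alice Example,alice.private@example.com
bob@example.onmicrosoft.com,Bob Example,bob.private@example.com
'@ | ConvertFrom-Csv

# Write the CSV in the column layout the reset script expects
$users | ForEach-Object {
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        Password          = New-RandomPassword -Length 16
        DisplayName       = $_.DisplayName
        SendToMail        = $_.SendToMail
    }
} | Export-Csv (Join-Path $FilePath 'PasswordChangeList.csv') -NoTypeInformation
```

The resulting CSV holds every password in clear text, so delete it once the reset script has finished.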


Here is a sample Email Sent for the Initial Password:



