Managing User's Password in O365 can be a great headache when you want to send the initial password in each user's individual email address.
Because the default setup in O365 bulk password reset will send the initial password for all users in a single email address only. However, with the help of powershell and some brilliant scripting, we now have the ability to do the password reset and send to email in just a few steps.
Requirements:
- O365 Global Admin Account
- PowerShell ISE for Windows
- CSV File
Procedure:
- Connect to O365 using PowerShell
- Run PowerShell ISE as Administrator and Copy the Script below.(Credits to Sidath Liyanage for this brilliant script)
#############################################################################
# Author: Sidath U Liyanage
# Date: 14/01/2019
# Satus: Bulk change user password
# Update: Initial functionality.
# Description: Bulk change password for a given list of users.
# Note!: Update the "PasswordChangeList.csv" before running the script.
#############################################################################
###########################Define Variables##################################
$FilePath = "C:\Users\<User Profile>\Desktop" #<< Path for the CSV file
$adminAcc = 'admin@<tenant name>.onmicrosoft.com' #<< Admin account credentials
$FromAddress = 'admin@<tenant name>.onmicrosoft.com' #<< Mail from address
$MailSubject = "Login to your new office 365 account [Do not reply]"
$MailSignature = "O365 admin"
$SmtpPServer = 'smtp.office365.com'
$SmtpPort = '587'
#############################################################################
Write-Warning "Have you updated the variables and PasswordChangeList.csv file? (if not close this window and do it first)"
pause
#Install AzureAD module if it's not available
If ((Get-Module AzureADPreview) -eq $null) {
Write-Warning "Installing module AzureAD.. [Note: To install this module you must run this script with admin priviledges]"
Install-Module AzureADPreview
}
#Connect to O365 tenant
$cred = Get-Credential -credential $adminAcc
$o365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Connect-AzureAD -Credential $cred
Import-PSSession $o365Session
$ImprtLst = Import-Csv "$FilePath\PasswordChangeList.csv"
If ($adminAcc -ne $FromAddress) {
$credMail = Get-Credential -credential $FromAddress
}
Else {$credMail = $cred}
$ImprtLst | ForEach-Object {
$Error.Clear()
$CUPN = $_.UserPrincipalName
$CPW = $_.Password
$CDN = $_.DisplayName
$CMail = $_.SendToMail
$CPWS = ConvertTo-SecureString -String $CPW -AsPlainText -Force
Write-Host "reseting the password of: $CUPN" -ForegroundColor Magenta -BackgroundColor Black
$CObjID = (Get-AzureADUser -Filter "UserPrincipalName eq '$CUPN'").objectID
Set-AzureADUserPassword -ObjectId $CObjID -Password $CPWS -EnforceChangePasswordPolicy:$false
#Error logging
If ($Error -ne $null) {
$Error | Out-File $FilePath\ErrorLog.txt
}
#Generate message body
$MsgBody = "Hi $CDN"
$MsgBody += ",</br> </br> <p> Following are your new Office 365 Credentials. </p>"
$MsgBody += "</br> <table border=0> <tr> <th> User Name </th> <th> Password </th> <tr>"
$MsgBody += "<tr> <td> $CUPN </td> <td> $CPW </td> </tr> </table>"
$MsgBody += "</br> </br> <p>Sincerely,</br> $MailSignature </p>"
Write-Host "Sending the password to: $CMail"
Send-MailMessage -From $FromAddress -To $CMail -Subject $MailSubject -Body $MsgBody -Priority High -SmtpServer $SmtpPServer -Credential $credMail -UseSsl -BodyAsHtml
}
3. Replace the following in the script:
$FilePath <= The path of your CSV File
$adminAcc <= Global Admin Account
$FromAddress <= The Email address to be use for sending the initial password
$ImprtLst = Import-Csv "$FilePath\PasswordChangeList.csv" <= Replace PasswordChangeList.csv with the name of your CSV File
4. Your CSV File should look like this:
You can set your desired password in the Password Field. However, it is recommended to generate a random password for each users.
Here is a sample Email Sent for the Initial Password:
No comments:
Post a Comment