## Monthly Archives: February 2016

So you’ve got a lot of users in your Active Directory domain whose passwords you need to change for whatever reason, but Windows is all just pointy-clicky, right? Wouldn’t it be better to just be able to use a nice unix-like terminal?

This is where I admit that I didn’t know a whole lot about Microsoft’s Powershell this time last year.

What is Powershell? Well, it’s kinda like the terminal you get on your nice *nix machine, except it’s built to manage Windows Server roles.

And it kinda works like a *nix terminal. You can pipe the output of one command into another command.

You can’t use awk or sed, which I find to be a drag, but.

So getting back to the problem presented at the outset of this post, yes, you can kinda use your *nix-brain to make this happen.

When I started researching this issue, all my searches pretty much ended with scripts that other folks had written, which is fine, except they were usually not known-good for the version of Server that I’m using and I couldn’t be arsed to loosen security settings such that I could import those scripts.

So, if you’re in this boat (or just want to know how the sausage gets made), here it is: How to Change AD Passwords in Bulk

First you need to prep your source material: a CSV file of, at minimum, AD usernames and new passwords. The important part in formatting this CSV is getting the correct headers in so that Powershell can read them and do the right things. If you’re only updating passwords, your CSV should look like this

test2,Newpa$sword test3,n3wpassw0rd Once you have your CSV, drop it somewhere where your Server box can access it, then log in to your server, open Powershell, and run the following command: import-csv [F:\path\to\your.csv] | ForEach-Object {Get-ADUser -Filter "SamAccountName -eq "$($_.SamAccountName)"" | Set-ADAccountPassword -NewPassword (ConvertTo-SecureString$_.Password -AsPlainText -Force)}