====== Passwort zurücksetzen ====== param ( [string]$Server, [string]$Username ) function GeneratePassword { param ( [int]$Length, [int]$CountSmallLetter, [int]$CountCapitalLetter, [int]$CountNumber, [int]$CountSpecial ) $listLetterSmall=@("a","b","c","d","e","f","g","h","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z") $listLetterCap=@("A","B","C","D","E","F","G","H","J","K","L","M","N","P","Q","R","S","T","U","V","W","X","Y","Z") $listNumber = @("2","3","4","5","6","7","8","9") $listS = @("#", "+", "?", "!", ".") $Type = @("smallletter", "bigletter", "number", "special") $pw = "" $estLength = $CountSmallLetter + $CountCapitalLetter + $CountNumber + $CountSpecial if ($Length -ne $estLength) {throw "Länge passt nicht mit den angeforderten Symbolmengen überein!"} $cSLetter = 0; $cBLetter = 0; $cNumber = 0; $cSpecial = 0; for ($i=0; $i -lt $Length; $i++) { $accept = $false do { $tmp = $Type | Get-Random if ($tmp -eq "smallletter" -and $cSLetter -lt $CountSmallLetter) {$accept = $true} if ($tmp -eq "bigletter" -and $cBLetter -lt $CountCapitalLetter) {$accept = $true} if ($tmp -eq "number" -and $cNumber -lt $CountNumber) {$accept = $true} if ($tmp -eq "special" -and $cSpecial -lt $CountSpecial) {$accept = $true} } while ($accept -eq $false) switch ($tmp) { "smallletter" { $pw += $listLetterSmall | Get-Random $cSLetter += 1 } "bigletter" { $pw += $listLetterCap | Get-Random $cBLetter += 1 } "number" { $pw += $listNumber | Get-Random $cNumber += 1 } "special" { $pw += $listS | Get-Random $cSpecial += 1 } } } $pw } $NewPassword = GeneratePassword -Length 8 -CountSmallLetter 3 -CountCapitalLetter 2 -CountNumber 2 -CountSpecial 1 Import-Module ActiveDirectory Set-ADAccountPassword -Identity $Username -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $NewPassword -Force) -Server $Server | Out-Null Set-ADUser -Identity $Username -ChangePasswordAtLogon -Server $Server $NewPassword Zum Schluss wird das Passwort zurück gegeben. {{tag>[Active_Directory AD Password Reset]}}