So I want a script that sets the Administrator password.
I want the user to input it twice and then check if it matches.
I've already tried to switch the conditions -eq and -ne in the two if statements, but it didn't change anything.
$Password = Read-Host -AsSecureString 'Passwort des lokalen Administrators setzen' #input admin password
$PasswordRepeat = Read-Host -AsSecureString 'Passwort wiederholen' #repeat password
if ($Password -eq $PasswordRepeat) {
    $UserAccount = Get-LocalUser -Name "Admin"
    $UserAccount | Set-LocalUser -Password $Password
    'Passwort wurde gesetzt' #password was set
    ''
    Read-Host 'Enter druecken um das Script zu schliessen' #press enter to close
}
elseif ($Password -ne $PasswordRepeat) {
    'Passwoerter stimmen nicht ueberein' #passwords do not match
    ''
    Read-Host 'Enter druecken um das Script zu schliessen' #press enter to close
}
So when the password and passwordrepeat match, it should change the password and output that the password is set. But if I input the same password twice it also prints out that the passwords do not match, and when I input two different passwords it also says that they don't match.
Found at this URL: Verify Passwords Match in Windows PowerShell
I think this answers it:
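Write-Host "Hey..!! I am here to compare the password you are entering..."
$pwd1 = Read-Host "Password" -AsSecureString
$pwd2 = Read-Host "Re-enter Password" -AsSecureString
# Copy each SecureString into an unmanaged BSTR and read it back as plain text
$bstr1 = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd1)
$bstr2 = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd2)
$pwd1_text = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr1)
$pwd2_text = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr2)
# Zero and free the unmanaged plaintext copies
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr1)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr2)
# -ceq compares the two strings case-sensitively
if ($pwd1_text -ceq $pwd2_text) {
    Write-Host "Passwords matched"
} else {
    Write-Host "Passwords differ"
}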
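Why the question's script always lands in the "do not match" branch, shown as an added example that is not code from either post: `-eq` on two SecureString objects compares object identity, so the results of two separate prompts never compare equal, whatever was typed. The function names and sample values below are made up for illustration; the account name 'Admin' is the one used in the question.

```powershell
# Compare two SecureStrings by content; unmanaged plaintext copies are wiped in finally.
function Test-SecureStringEqual {
    param([securestring]$First, [securestring]$Second)
    $bstr1 = [IntPtr]::Zero
    $bstr2 = [IntPtr]::Zero
    try {
        $bstr1 = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($First)
        $bstr2 = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Second)
        $a = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr1)
        $b = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr2)
        # Ordinal comparison: exact characters, no culture rules or case folding.
        return [string]::Equals($a, $b, [System.StringComparison]::Ordinal)
    }
    finally {
        # Runs even if marshalling throws, so no BSTR is left behind.
        if ($bstr1 -ne [IntPtr]::Zero) { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr1) }
        if ($bstr2 -ne [IntPtr]::Zero) { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr2) }
    }
}

# Prompt twice, reject empty input, retry a bounded number of times.
function Read-ConfirmedPassword {
    param([int]$MaxAttempts = 3)
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        $first  = Read-Host -AsSecureString 'New password'
        $second = Read-Host -AsSecureString 'Repeat password'
        if ($first.Length -eq 0) { Write-Warning 'Empty password rejected.'; continue }
        if (Test-SecureStringEqual $first $second) { return $first }
        Write-Warning 'Passwords do not match.'
    }
    throw "No matching password after $MaxAttempts attempts."
}

# Constructed sample values: same text, two distinct SecureString objects.
$s1 = ConvertTo-SecureString 'Constructed-Sample-1!' -AsPlainText -Force
$s2 = ConvertTo-SecureString 'Constructed-Sample-1!' -AsPlainText -Force
"Operator -eq (object identity): $($s1 -eq $s2)"
"Content comparison:             $(Test-SecureStringEqual $s1 $s2)"

# Interactive use; the SecureString goes to Set-LocalUser without further conversion:
# $pw = Read-ConfirmedPassword
# Set-LocalUser -Name 'Admin' -Password $pw -ErrorAction Stop
```

The managed strings `$a` and `$b` still live until garbage collection, so keep the comparison inside a short-lived function like this rather than holding the plaintext in script-scope variables.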
Related
I'm looking to create a simple powershell script that will import the user's first name from file, prompt to create a new password and loop on error when the password doesn't meet the password requirement based on the "ErrorVariable" if possible. If not, please advise.
# import user firstname from file
$firstname = $(Get-Content "C:\tmp\local\firstname.txt")
# prompt user for new password
$password = Read-Host "Hello, $firstname!! Please change your local admin account password. (Requirements: At least 8-characters, 1-Cap Letter, 1-Number) " -AsSecureString -Erroraction silentlycontinue -ErrorVariable PasswordError
# create new password
$password = $password
Get-LocalUser -Name "$firstname" | Set-LocalUser -Password $password -Erroraction silentlycontinue -ErrorVariable PasswordError
If ($PasswordError)
{
    "Unable to update the password. The new password does not meet the length or complexity."
}
If (-Not $PasswordError)
{
    "Password updated successfully!!"
}
See script above.........
Think you could simply use try/catch - e.g.:
try {
    Set-LocalUser -Name $firstname -Password $password -Erroraction:stop
    write-host "Password updated successfully!!"
}
Catch {
    write-error $_
}
If the operation succeeded you will get "Password updated successfully!!", otherwise it returns the error.
I have the following script to update passwords with an autogenerated 32 character password. It then makes a password-protected Word doc so that we can update our secure password library. Generating the password works fine.
The problem occurs when I try to assign a password to the password-protected word doc. I can hard code a string directly such as:
$PL_Document.Password = 'blah'
In the case where I hard code it everything works fine. I get a password protected word doc with the login info.
However, when I try to read it in using Read-host then assign it, the script hangs.
Add-Type -AssemblyName System.Web
cls
#************ Create Document ******************************
function CreateDocument
{
    $PL_Word = New-Object -ComObject Word.Application
    #$PL_Word.Visible = $true
    $PL_Document = $PL_Word.Documents.Add()
    $PL_Report = 'C:\TEMP\MyDoc.docx'
    $PL_Document.SaveAs([ref]$PL_Report,[ref]$SaveFormat::wdFormatDocument)
    $PL_Selection = $PL_Word.Selection
    #****************** Password Protect the Word File ********
    $PL_PwdEntry = Read-Host ("Enter the password for the text document record") -AsSecureString
    $PL_WdPWD = ConvertFrom-SecureString $PL_PwdEntry
    $PL_Document.Password = $PL_WdPWD
    #************** Write Password to Document *************************************
    $PL_Selection.TypeParagraph()
    $PL_Selection.TypeText("Username: $PL_UN")
    $PL_Selection.TypeParagraph()
    $PL_Selection.TypeText("Password: $PL_PWD")
    #************** Close Document *************************************
    $PL_Document.Close()
    $PL_Word.Quit()
}
#****************** Create Password ************************
$PL_PWD = [System.Web.Security.Membership]::GeneratePassword(32,3)
Write-Host "`n`n"
$PL_UN = "Prime\"+(Read-Host ("Enter the username. Entering the Primelending domain is not neccessary."))
Write-Host "`nSummary of the change" -f Yellow
Write-Host "============================" -f Yellow
Write-Host "`nUsername: " -NoNewline
Write-Host "$PL_UN" -f Yellow
Write-Host "New Password: " -NoNewline
Write-Host "$PL_PWD`n" -f Yellow
Write-Host "Do you want to update AD (Y/N)" -NoNewline -f Yellow
$PL_Query = Read-Host (" ")
If ($PL_Query.ToUpper() -eq "Y") {
    Write-Host "`nMaking change" -f Green
    #Set-ADAccountPassword -Identity $PL_UN -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "$PL_PWD" -Force)
    CreateDocument
}
else {Write-Host "`nAbandoning change" -f Green }
The $PL_WdPWD = ConvertFrom-SecureString $PL_PwdEntry part of your script will not be returning a plain text password and instead will be an encoded version of the password that will have a much longer length than that of the original password.
From what I recall Word has a password limit of 255 characters, which this value would likely exceed and is probably the cause of the hang as Word cannot handle it.
If you're using PowerShell v7 or above change $PL_WdPWD = ConvertFrom-SecureString $PL_PwdEntry to $PL_WdPWD = ConvertFrom-SecureString $PL_PwdEntry -AsPlainText in order to get the plain text version of the password
Alternatively, seeing as you're needing the plain text password straight away and trying to store it in a separate variable, just get the Read-Host cmdlet to return you a plain text password instead by changing:
$PL_PwdEntry = Read-Host ("Enter the password for the text document record") -AsSecureString
$PL_WdPWD = ConvertFrom-SecureString $PL_PwdEntry
to
$PL_WdPWD = Read-Host ("Enter the password for the text document record")
Edit following comments
It appears that the hang in Word when passing the $PL_WdPWD variable to $PL_Document.Password is due to a lack of quotes.
In order to resolve this, you can change this line
$PL_Document.Password = $PL_WdPWD
to this
$PL_Document.Password = "$PL_WdPWD"
Note: in your updated code, you're still using Read-Host -AsSecureString and then converting it with ConvertFrom-SecureString. This will not be giving you the password you expect and instead return an encoded version of that password. See my original answer for details on this.
I'm having some problems running a powershell script when not on the domain controller.
The idea is that a delegated user such as a principal can change the passwords for students.
On the server I have added the membership into the powershell script allowing users to remote connect.
I have tested the code line by line on an end users account and computer.
However, when I run the script the import-module active directory doesn't work.
The error I get on the screen shows that it doesn't know what get-ADUser is followed by still being connected to the remote powershell connection on the domain controller.
Enter-PSSession -ComputerName DomainController
Import-Module ActiveDirectory
Write-Host "********************************************************** `r`nDomainController - Student Password Configurator `r`n********************************************************** `r`n `r`nThis program will assist when a student requires a password change. `r`nPlease ensure that you verify the student prior to implementing the change. `r`n"
do
{
    $TargetUser = Read-Host -Prompt 'Enter a student user ID name'
    if (Get-ADUser -Filter {SamAccountName -eq $TargetUser})
    {
        "Process user $TargetUser"
        Get-ADUser -Identity $TargetUser
        $passwordchange = Read-Host -Prompt 'Would you like to change the user password? [y|n]'
        if ($passwordchange -eq 'y')
        {
            $newPassword = Read-Host -Prompt 'Please type new password'
            # Pass the variable itself; in single quotes it would be the literal text $newPassword
            Set-ADAccountPassword $TargetUser -Reset -NewPassword (ConvertTo-SecureString -Force -AsPlainText $newPassword)
            Write-Host "$TargetUser` password has now been changed to: $newPassword"
        }
    }
    else
    {
        Write-Host "$TargetUser` does not exist, please try again."
    }
    $answer = Read-Host -Prompt 'Would you like to see another user? [y|n]'
}
until ($answer -eq 'n')
Exit-PSSession
This script is for resetting passwords on AD users if they lost it and need to make a new one. But let's say we don't know the username, only their real name, so we want to search for the username and insert it into $Username.
function Reset_Password_Account () {
    $Username = Read-Host "Enter your username"
    Write-Host "Changing Password for account" $Username
    $Newpassword = Read-Host "Enter Temporary Password" -AsSecureString
    Write-Host "Running Script..."
    Set-ADAccountPassword $Username -NewPassword $Newpassword
    Write-Host "Temporary password set"
    Set-ADUser $Username -ChangePasswordAtLogon $True
    Write-Host "You can now change password on login"
    # Stop powershell from exiting after script is run
    Read-Host "Press enter to exit"
}
$Readhost = Read-Host "To run script: Enter y
To decline script: Enter n and exit PowerShell
Press Enter to accept your input. ( y / n )"
switch ($ReadHost) {
    Y {Reset_Password_Account}
    N {exit}
}
I would recommend using Ambiguous Name Resolution; it searches a range of AD attributes (list in link) and finds any matches.
The example query below would return both Jimmy Smith and Jim Smith-Williams
Get-ADUser -LDAPFilter "(anr=Jim Smith)"
It will search for all objects where any of the naming attributes start with the string "jim smith*", plus all objects where (givenName=jim*) and (sn=smith*), plus objects where (givenName=smith*) and (sn=jim*).
I have a script that will create a local user and set the password.
I put some error checking in to make sure that the name and password were not blank. For some reason, even if username and password are not blank, it still says that it is NULL or Empty when it is not null or empty:
$Computername = $env:COMPUTERNAME
$ADSIComp = [adsi]"WinNT://$Computername"
$Username = 'TestProx'
$Username = Read-Host -Prompt 'Please enter the New User'
#check that Username is not empty
if([string]::IsNullOrEmpty($destDir))
{
    Write-Host "Username is NULL or EMPTY"
}
else
{
    $NewUser = $ADSIComp.Create('User',$Username)
    #Create password
    $Password = Read-Host -Prompt "Enter password for $Username" -AsSecureString
    #check that password is not empty
    if([string]::IsNullOrEmpty($destDir))
    {
        Write-Host "password is NULL or EMPTY"
    }
    else
    {
        $BSTR = [system.runtime.interopservices.marshal]::SecureStringToBSTR($Password)
        $_password = [system.runtime.interopservices.marshal]::PtrToStringAuto($BSTR)
        #Set password on account
        $NewUser.SetPassword(($_password))
        $NewUser.SetInfo()
    }
}
Within the first if statement you have to check for $username and within the second for $password instead of $destDir:
$Computername = $env:COMPUTERNAME
$ADSIComp = [adsi]"WinNT://$Computername"
$Username = 'TestProx'
$Username = Read-Host -Prompt 'Please enter the New User'
#check that Username is not empty
if([string]::IsNullOrEmpty($Username))
{
    Write-Host "Username is NULL or EMPTY"
}
else
{
    $NewUser = $ADSIComp.Create('User',$Username)
    #Create password
    $Password = Read-Host -Prompt "Enter password for $Username" -AsSecureString
    #check that password is not empty
    #($Password is a SecureString, which never converts to an empty string, so test its Length)
    if($null -eq $Password -or $Password.Length -eq 0)
    {
        Write-Host "password is NULL or EMPTY"
    }
    else
    {
        $BSTR = [system.runtime.interopservices.marshal]::SecureStringToBSTR($Password)
        $_password = [system.runtime.interopservices.marshal]::PtrToStringBSTR($BSTR)
        #Set password on account
        $NewUser.SetPassword(($_password))
        $NewUser.SetInfo()
        #Zero and free the unmanaged plaintext copy
        [system.runtime.interopservices.marshal]::ZeroFreeBSTR($BSTR)
    }
}