Powershell change Password of all Users in the Domain

I always get the ACCESS DENIED PowerShell error and have no idea why.
My script:
Get-ADUser -Filter * -SearchScope Subtree | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Mypw123" -Force)
Please help me.
Thank you

Nothing wrong with your script. Things to check:
Run the command from an elevated PowerShell command
Try with a single user to see if you are still getting the error
If it is not working for a single user, use ADUC (make sure you have launched it as the user launching the PowerShell session), right-click and reset the account. You should get the same error.
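
The answer's "try with a single user" check, applied to every account in turn, as an added example that is not part of the original answer. It assumes the ActiveDirectory module is installed; the OU in `$SearchBase` is a hypothetical placeholder.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory

$SearchBase  = 'OU=Staff,DC=example,DC=com'   # hypothetical OU, replace with your own
# Prompt for the password so it is not stored in the script as plain text.
$NewPassword = Read-Host -AsSecureString -Prompt 'Temporary password'

$users = Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree -Properties adminCount

# Reset each account separately so one failure does not hide the others,
# and record the exact error returned for that account.
$results = foreach ($user in $users) {
    try {
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $NewPassword -ErrorAction Stop
        $status = 'Reset'
        $detail = ''
    }
    catch {
        $status = 'Failed'
        $detail = $_.Exception.Message
    }

    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        # adminCount = 1 marks accounts protected by AdminSDHolder, where
        # delegated "reset password" rights do not apply.
        AdminCount     = $user.adminCount
        Status         = $status
        Detail         = $detail
    }
}

# Accounts the current session could not reset, with the reason.
$results | Where-Object Status -eq 'Failed' | Format-Table -AutoSize -Wrap

# Summary: how many succeeded and how many failed.
$results | Group-Object Status | Select-Object Name, Count
```

If every account fails, the session itself lacks the right (not elevated, or wrong account); if only some fail, compare the failed rows' `AdminCount` and OU placement with the ones that succeeded.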

Related

How to reset MFA with powershell and test it?

I'm looking for a way to reset the MFA for a specific user. Right now I'm using the command
Reset-MsolStrongAuthenticationMethodbyUpn -UserPrincipalName $user
However I don't think this is working properly. Here is my code:
Connect-MsolService -Credential $Cred
$user = "user@test.com"
Reset-MsolStrongAuthenticationMethodbyUpn -UserPrincipalName $user
Then, to check if the MFA was reset I do:
$userMFA = Get-MsolUser -UserPrincipalName $user |select -ExpandProperty StrongAuthenticationUserDetails
$userPhoneNumber = $userMFA.PhoneNumber
But the phone number is still there and isn't erased.
Am I testing this right? Maybe there is another way to check if the MFA was reset; I'm just not aware of another way to test it. Does anyone know if there is a better way to check if the code worked (through PowerShell or not)?

Skype for business Move-CsUser command prompts for sign in after moving 10-15 users and doesn't accept the credential

I am trying to move bulk users (900+) from SfB On-Premise to SfB Online using the Move-CsUser PowerShell cmdlet. Below is the code snippet:
$INP = Get-Content -Path <txt file path>
$SESSION = New-CsOnlineSession
Import-PsSession $SESSION -AllowClobber
foreach ($USER in $INP)
{
    Move-CsUser -Identity $USER -Target 'sipfed.online.lync.com' -ProxyPool 'ProxyPool_FQDN' -UseOAuth -Confirm:$False
}
It works fine for 15-20 users and moves them successfully to SfB Online; however, after that it prompts for Office admin credentials again, saying "We couldn't sign you in. Please try again", and doesn't accept the credential anymore. It keeps prompting the same.
NOTE:
I have followed all the possibilities from Technet with no luck.
Disabled MFA from the global admin Office account - No luck.
Tried using -UserList parameter to move bulk users - Same issue.
Any help would be much appreciated.

Set-ADAccountPassword specifying -Credential

I am trying to reset a password using this code:
Set-ADAccountPassword -Identity <username> -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'N3WP#SS' -Force)
But it uses the credentials of the logged user to execute this action. How do I specify another user to perform this action using -Credential?

If you are trying to specify another user:
PSCredential Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.
To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.
You can also create a PSCredential object by using a script or by using the Get-Credential cmdlet. You can then set the Credential parameter to the PSCredential object.
Prompt a specified user to change their password.
Use this command below :
Set-ADAccountPassword -Identity TestName
Please enter the current password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:**********
Please enter the desired password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:***********
Repeat Password:***********
Set a password for a user account using a distinguished name:
Set-ADAccountPassword -Identity 'CN=Elisa Daugherty,OU=Accounts,DC=Fabrikam,DC=com' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p#ssw0rd" -Force)
Please take a look at this doc for more reference: Set-ADAccountPassword
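
The reset from the question run under a different account through -Credential, as an added example that is not from the original answer or the Microsoft documentation. The target user name and the domain controller name are hypothetical placeholders.

```powershell
# Added example; the names below are placeholders, not values from the page.
Import-Module ActiveDirectory

$Target = 'jdoe'                 # hypothetical sAMAccountName to reset
$Server = 'dc01.example.com'     # hypothetical domain controller (-Server is optional)

# Account that holds the "Reset password" right on the target object.
$AdminCred = Get-Credential -Message 'Account allowed to reset passwords'

# Read the new password as a SecureString so it is not written into the script.
$NewPassword = Read-Host -AsSecureString -Prompt "New password for $Target"

# Each AD cmdlet call needs its own -Credential; a call without it runs
# with the credentials of the currently logged-on user.
$ad = @{ Server = $Server; Credential = $AdminCred; ErrorAction = 'Stop' }

try {
    Set-ADAccountPassword @ad -Identity $Target -Reset -NewPassword $NewPassword

    # Force the user to choose their own password at next logon.
    Set-ADUser @ad -Identity $Target -ChangePasswordAtLogon $true

    # Read the account back with the same credential to confirm its state.
    Get-ADUser @ad -Identity $Target -Properties PasswordLastSet, PasswordExpired |
        Select-Object SamAccountName, PasswordLastSet, PasswordExpired
}
catch {
    Write-Error "Reset of '$Target' as '$($AdminCred.UserName)' failed: $($_.Exception.Message)"
}
```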

Powershell, RunAs vs Credential

So I have not found anything that explains why this code will run when you open PowerShell as "Administrator", entering your domain admin credential, whereas when you open PowerShell with no admin privilege and use -Credential Domain\DomainAdminUser, then enter your password when prompted, I get an error. Why is this?
Error: Get-WinEvent: The parameter is incorrect.
I'm asking because I have a menu script which I can run it as admin using my domain admin credential but the gpresult command will not work because of "invalid pointer" and reason being is, my domain account is not part of the authenticated user.
So to make it easy, I need to run my menu script without admin rights and use the -credential switch for certain commands within the menu script.
cls
$logname = "Security"
$Id = "4634"
$Id2 = "4624"
Get-WinEvent -ComputerName $env:COMPUTERNAME -Credential Domain\DomainAdminuser @{logname=$logname;Id=$Id,$Id2;starttime=[datetime]::Today} |
Select-Object TimeCreated, Id, @{n="Message";e={($_.message).Split(" ")[0..4] -join " "}} | Format-Table -Wrap

set-aduser takes too long

I have written a script to update a lot of users in Active Directory. It is taking about 10 seconds to run the update, and that seems like too long.
Here is my command:
Set-ADUser $userName -StreetAddress $address1 -Server "MyWickedCoolServerName"
I also tried something like this:
Set-ADUser $userName -Replace @{st=$address1} -Server "MyWickedCoolServerName"
As you can see I have to specify the server each time since we don't have the default one set up, could this be causing the issue? Also, I am running this script remotely on my pc which is not on the domain, so I have to use "runas" to run powershell and have access to AD. Could that be causing the issue?
Any suggestions on what I can look at to see where the performance issue is?

Your command will not work, because your computer is not joined to the Active Directory domain. Since you said that your computer is not domain-joined, you will have to use the -Credential parameter of the Set-ADUser command in order to run it successfully.
$Credential = Get-Credential;
Set-ADUser -Identity $userName -StreetAddress $address1 -Server MyWickedCoolServerName -Credential $Credential;