disturbedone
Vendor
I have a script that imports a CSV. The CSV contains data that was exported from a database with a list of users. I added a column with the plain text generic passwords that those accounts were set to. The script checks to find which users haven't changed their passwords and creates a CSV of the results and emails it. This works perfectly. The code is:
Code:
##Required for AD Support
Import-Module activedirectory
# List email recipients who should receive the log file
$emailrecipients = "me@somewhere.com"
$ApplicationPath = "C:\Scripts\ParentCheckPasswords\"
$CSVFile = $ApplicationPath + "parents.csv"
$ResultsCSV = $ApplicationPath + "ParentPasswordsResults.csv"
### Deletes previous results file
Remove-Item $ResultsCSV
import-csv $CSVFile | foreach {
    $UserName = $_.ParentID
    $Password = $_.Password
    $Domain = $env:USERDOMAIN
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ct,$Domain
    $PasswordChanged = $pc.ValidateCredentials($UserName,$Password)
    IF ($PasswordChanged -eq "False")
    { "$UserName,$PasswordChanged" | out-file $ResultsCSV -Append }
}
### Create the mail message and add the $Results.csv text file as an attachment###
Send-MailMessage -From server@somewhere.com -To $emailrecipients -Subject "Parent AD Password Check" -Body "Attached is the current list of parents who have not changed their default AD password." -Attachment $ResultsCSV -SmtpServer mail.somewhere.com
This works. It was created just for testing. However, having to export data from a database into a CSV then import it is a step that is unnecessary now that all is up and running. I'd like the script to query an OU in AD, get all the users and check their passwords and export the results as a CSV.
I have another script that queries an OU (just like I want to do) and sets all those users to never expire the passwords. So I want to use the query process and mix it with the 'check password' process into a script but I just can't get it to work. The 'password never expires' script is:
Code:
### Import AD module
Import-Module ActiveDirectory
$ApplicationPath = "C:\Scripts\ParentPasswordSetNeverExpire\"
$LogFile = $ApplicationPath + "\Log.txt"
### Deletes previous results file
Remove-Item $LogFile
$users = $i = $null
### Specify the location of the OU to find users in
$USERS = Get-ADUser -SearchBase "OU=PARENTS, OU=USERS, DC=domain, DC=local" -filter * -Property UserPrincipalName,PasswordNeverExpires
ForEach($user in $users)
{
    Set-ADUser -Identity $user.distinguishedName -PasswordNeverExpires:$true
    "Password for $($user.name) has been set to never expire" | out-file -append $LogFile
    $i++
}
The merged script that doesn't work is:
Code:
##Required for AD Support
Import-Module activedirectory
# List email recipients who should receive the log file
$emailrecipients = "me@somewhere.com"
$ApplicationPath = "C:\Scripts\ParentCheckPasswords\"
$CSVFile = $ApplicationPath + "parents.csv"
$ResultsCSV = $ApplicationPath + "ParentPasswordsResults.csv"
### Deletes previous results file
IF ( (Test-Path "$ResultsCSV") -eq $true )
{ Remove-Item $ResultsCSV }
$users = $i = $null
### Specify the location of the OU to find users in
#$USERS = Get-ADUser -SearchBase "OU=PARENTS, OU=USERS, DC=domain, DC=local" -filter * -Property UserPrincipalName
$USERS = Get-ADUser -SearchBase "OU=test-steve, DC=grammar, DC=local" -filter *
ForEach($user in $users)
{
    $Password = "Password1"
    $Domain = $env:USERDOMAIN
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    $pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $ct,$Domain
    $PasswordChanged = $pc.ValidateCredentials($User,$Password)
    IF ($PasswordChanged -eq "False")
    {
        "$User,$PasswordChanged" | out-file $ResultsCSV -Append
        $i++
    }
}
### Create the mail message and add the $Results.csv text file as an attachment###
Send-MailMessage -From server@somewhere.com -To $emailrecipients -Subject "Parent AD Password Check" -Body "Attached is the current list of parents who have not changed their default AD password." -Attachment $ResultsCSV -SmtpServer mail.somewhere.com
But I get an error saying that the $ResultsCSV file isn't created (which it isn't) so it's not outputting any data. I can confirm that there are users in that OU who don't have passwords of Password1 which is what it's checking against.
Any ideas how to get this to work?
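
Added example, not part of the original post: one way to write the OU-driven check the post describes. It passes each account's SamAccountName (a string) to ValidateCredentials rather than the ADUser object, tests the returned boolean directly (in a comparison with a boolean, PowerShell converts the non-empty string "False" to $true), and attaches the CSV only when it was written. The OU, paths and addresses are assumed values modelled on the post, and the `StillDefault` column name is hypothetical.

```powershell
# Added example: report accounts in an OU that still accept the default password.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Assumed values, modelled on the post; adjust to your environment.
$SearchBase      = 'OU=PARENTS,OU=USERS,DC=domain,DC=local'
$DefaultPassword = 'Password1'
$ResultsCSV      = 'C:\Scripts\ParentCheckPasswords\ParentPasswordsResults.csv'
$Mail = @{
    From       = 'server@somewhere.com'
    To         = 'me@somewhere.com'
    Subject    = 'Parent AD Password Check'
    SmtpServer = 'mail.somewhere.com'
}

if (Test-Path $ResultsCSV) { Remove-Item $ResultsCSV }

# One PrincipalContext for the whole run instead of one per user.
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$pc = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ct, $env:USERDOMAIN)

try {
    $results = @(
        Get-ADUser -SearchBase $SearchBase -Filter * | ForEach-Object {
            # ValidateCredentials expects a logon name string, not an ADUser object.
            $stillDefault = $pc.ValidateCredentials($_.SamAccountName, $DefaultPassword)
            if ($stillDefault) {          # real boolean test, no string comparison
                [pscustomobject]@{
                    SamAccountName = $_.SamAccountName
                    StillDefault   = $stillDefault   # hypothetical column name
                }
            }
        }
    )
}
finally {
    $pc.Dispose()
}

if ($results.Count -gt 0) {
    # Export-Csv writes a header row and quotes values correctly.
    $results | Export-Csv -Path $ResultsCSV -NoTypeInformation
    Send-MailMessage @Mail -Attachments $ResultsCSV -Body 'Attached is the current list of parents who have not changed their default AD password.'
}
else {
    # No file exists in this case, so send the message without an attachment.
    Send-MailMessage @Mail -Body 'No parents in the OU are still using the default AD password.'
}
```

Every failed validation counts as a bad password attempt on that account, so run it with the domain lockout threshold in mind and expect a failed-logon event on the domain controller for each user who has already changed their password.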