Reset-MsOUserPassword
MSOnline: Reset Azure AD user password
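#Requires -Version 5.1

<#
.SYNOPSIS
    Resets the password of an Azure AD user through the MSOnline module, or only
    flags the account so the user must change the password at next sign-in.
.DESCRIPTION
    Resolves exactly one user (by object ID or by search string) and then either
    sets the supplied password or sets the "change password at next sign-in" flag.
    The script fails instead of reporting success when no user can be resolved,
    when a search string matches more than one account, or when no action was requested.
.PARAMETER UserObjectId
    Unique ID of the user.
.PARAMETER UserName
    Display name, Sign-In Name or UPN of the user. The value is used as a search
    string and must match exactly one account.
.PARAMETER NewPassword
    New password for the user (SecureString).
.PARAMETER ForceChangePassword
    User must change the password on next sign-in.
.PARAMETER ForceChangePasswordOnly
    Require password change without setting a new password.
.PARAMETER TenantId
    Unique ID of the tenant. Passed to the MSOnline cmdlets only when supplied.
.OUTPUTS
    PSCustomObject with Timestamp, UserName and Status.
.NOTES
    Needs an authenticated MSOnline session (Connect-MsolService) established by the caller.
    Set-MsolUserPassword takes -NewPassword as a plain string, so the SecureString is
    converted to plaintext in memory for the duration of the call.
    MSOnline is a deprecated module; Microsoft directs new automation to Microsoft Graph PowerShell.
#>
[CmdletBinding()]
Param(
    [Parameter(Mandatory = $true, ParameterSetName = 'Id')]
    [guid]$UserObjectId,
    [Parameter(Mandatory = $true, ParameterSetName = 'Name')]
    [string]$UserName,
    [Parameter(ParameterSetName = 'Id')]
    [Parameter(ParameterSetName = 'Name')]
    [securestring]$NewPassword,
    [Parameter(ParameterSetName = 'Id')]
    [Parameter(ParameterSetName = 'Name')]
    [switch]$ForceChangePassword,
    # Also bindable together with a user identifier: in the 'ForceOnly' set alone there is
    # no user to act on, so the switch could never have any effect.
    [Parameter(ParameterSetName = 'Id')]
    [Parameter(ParameterSetName = 'Name')]
    [Parameter(Mandatory = $true, ParameterSetName = 'ForceOnly')]
    [switch]$ForceChangePasswordOnly,
    [Parameter(ParameterSetName = 'Id')]
    [Parameter(ParameterSetName = 'Name')]
    [guid]$TenantId
)
Process {
    # Refuse to run without a requested action; otherwise the result object would claim
    # a reset that never happened.
    if (-not $ForceChangePasswordOnly -and $null -eq $NewPassword) {
        throw 'Nothing to do: specify -NewPassword or -ForceChangePasswordOnly.'
    }

    # Forward -TenantId only when the caller bound it, rather than passing an unset value.
    $tenantArgs = @{}
    if ($PSBoundParameters.ContainsKey('TenantId')) { $tenantArgs['TenantId'] = $TenantId }

    $user = $null
    switch ($PSCmdlet.ParameterSetName) {
        'Id' {
            $user = Get-MsolUser -ObjectId $UserObjectId @tenantArgs -ErrorAction Stop
        }
        'Name' {
            # -SearchString is a fuzzy lookup. Taking the first hit could change the
            # password of an account the operator did not mean, so require a unique match.
            $candidates = @(Get-MsolUser -SearchString $UserName @tenantArgs -ErrorAction Stop)
            if ($candidates.Count -gt 1) {
                throw "Search string '$UserName' matches $($candidates.Count) users; use -UserObjectId or the full UPN."
            }
            if ($candidates.Count -eq 1) { $user = $candidates[0] }
        }
    }
    if (-not $user) {
        throw 'No user could be identified: supply -UserObjectId or a -UserName that matches one account.'
    }

    if ($ForceChangePasswordOnly) {
        # Output is discarded so that nothing the cmdlet returns leaks into the result stream.
        $null = Set-MsolUserPassword -ObjectId $user.ObjectId -ForceChangePassword $true -ForceChangePasswordOnly $true @tenantArgs -ErrorAction Stop
        $status = 'Password change required at next sign-in'
    }
    else {
        # The cmdlet only accepts a plain string, so the SecureString has to be unwrapped here.
        $plainPass = (New-Object System.Net.NetworkCredential('', $NewPassword)).Password
        try {
            # NOTE(review): Set-MsolUserPassword is documented to return the password as a
            # string; discarding the output keeps it out of logs and job reports - confirm
            # no caller relied on that output.
            $null = Set-MsolUserPassword -ObjectId $user.ObjectId -NewPassword $plainPass -ForceChangePassword:$ForceChangePassword @tenantArgs -ErrorAction Stop
        }
        finally {
            # Drops the reference only; the managed string can stay in memory until collected.
            $plainPass = $null
        }
        $status = 'Password reset completed'
    }

    [PSCustomObject]@{
        Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        UserName  = $user.UserPrincipalName
        Status    = $status
    }
}
Unique ID of the user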
Display name, Sign-In Name or UPN of the user
New password for the user (SecureString)
Off
User must change the password on next sign-in
Off
Require password change without setting a new password
Unique ID of the tenant