**PowerShell Script for Recycling Passwords**

In this blog post, we will explore a PowerShell script that recycles passwords for Active Directory users. This script can be useful in scenarios where you need to update user passwords regularly.

**Introduction**

Before diving into the script, let's first understand what it does. The script prompts the user to enter a username and original password. It then checks if the user has the right to reset the password and, if so, generates a new password by appending a unique string to the original password. The script continues to generate and set new passwords until a maximum count is reached, and then sets the account back to the original password, so the account ends up with the password it started with.

**Prerequisites**

Before running this script, you need to have the Active Directory PowerShell module installed on your system. The module ships with the Remote Server Administration Tools (RSAT) rather than the PowerShell Gallery; on Windows 10 and 11, RSAT is added as an optional feature, and on Windows Server you can install the module by running the following command:

```
Install-WindowsFeature -Name RSAT-AD-PowerShell
```
Additionally, make sure you have the necessary permissions to read and write to the Active Directory.

**The Script**

Here is the full script. It starts by clearing the host window and importing the Active Directory module.

```
Clear-Host
Import-Module -Name ActiveDirectory -ErrorAction Continue

# Splatted Write-Host arguments for the status glyphs
$Skull = @{
    Object          = [char]9760
    ForegroundColor = 'White'
}
$eggtimer = @{
    Object          = [char]9203
    ForegroundColor = 'Green'
}
$greentick = @{
    Object          = [char]10004
    ForegroundColor = 'Green'
}
$recyclearrow = @{
    Object          = [char]11118
    ForegroundColor = 'Green'
}

$count    = 1
$maxcount = 30   # number of intermediate passwords to set

$account = Read-Host "Enter Username to recycle"
# $pwd is also PowerShell's automatic current-location variable; this assignment
# overwrites it for the rest of the script. Read-Host echoes the typed password.
$pwd = Read-Host "Enter Original Password"

# Both values are required
if ($account -ne "" -and $pwd -ne "")
{
    Write-Host
    Write-Host @eggtimer -NoNewline
    Write-Host " Checking for rights to recycle password for " -ForegroundColor Yellow -NoNewline
    Write-Host $account -ForegroundColor Cyan -NoNewline
    Write-Host ", Please Wait...`n" -ForegroundColor Yellow

    # The rights check reads the account's CannotChangePassword flag
    $rights_check = Get-ADUser -Filter 'samaccountname -eq $account' -Properties CannotChangePassword -SearchBase "OU=Users,DC=contoso,DC=com" |
        Select-Object -ExpandProperty CannotChangePassword

    if ($rights_check -eq $true) {
        Write-Host "Password reset right: " -ForegroundColor Yellow -NoNewline
        Write-Host @greentick -NoNewline
        Write-Host "`n"
        do
        {
            # Original password + fixed suffix + loop counter
            $newpwd = $pwd + 'ABDC@#$%00000000' + $count
            Write-Host @recyclearrow -NoNewline
            Write-Host " Setting Password for " -ForegroundColor Yellow -NoNewline
            Write-Host "'$account'" -ForegroundColor Cyan -NoNewline
            # Prints the password in clear text to the console
            Write-Host " to $newpwd" -ForegroundColor Yellow
            # -Reset sets the password without asking for the current one
            Set-ADAccountPassword -Identity $account -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $newpwd -Force)
            $count++
            Start-Sleep -Milliseconds 100
        }
        until ($count -gt $maxcount)

        # Finally, set the account back to the original password
        Write-Host @recyclearrow -NoNewline
        Write-Host " Setting Password for " -ForegroundColor Yellow -NoNewline
        Write-Host "'$account'" -ForegroundColor Cyan -NoNewline
        Write-Host " to $pwd" -ForegroundColor Yellow
        Set-ADAccountPassword -Identity $account -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $pwd -Force)
    } else {
        Write-Host @Skull -NoNewline
        Write-Host " You do not have rights to change that password!`n" -ForegroundColor Red
    }
} else {
    Write-Host @Skull -NoNewline
    Write-Host "Username or password not entered!" -ForegroundColor Red
}
```

**How It Works**

The script works by first checking if the user has the right to reset the password; the check reads the account's `CannotChangePassword` property with `Get-ADUser`. If the check passes, it generates a new password by appending a fixed string and the loop counter to the original password and sets that password on the account. It repeats this, pausing 100 milliseconds between passes, until the maximum count of 30 is reached, and then sets the account's password back to the original value.

**Key Code Snippets**

Here are some key code snippets from the script:
The following code snippet generates the new password:

```
$newpwd = $pwd + 'ABDC@#$%00000000' + $count
Write-Host @recyclearrow -NoNewline
Write-Host " Setting Password for " -ForegroundColor Yellow -NoNewline
Write-Host "'$account'" -ForegroundColor Cyan -NoNewline
Write-Host " to $newpwd" -ForegroundColor Yellow
```

The following code snippet sets the new password:

```
# -Reset sets the password without asking for the current one
Set-ADAccountPassword -Identity $account -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $newpwd -Force)
```
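
Every pass through the loop is a separate password write against the same account, so one run leaves 31 of them within seconds. The following added example (not part of the original script) shows how that burst can be picked out of password-reset events; it assumes the writes are logged as administrative resets (Security event 4724 on a domain controller), and the function name, thresholds and sample records are constructed for illustration.

```powershell
# Added example, not from the original post. Input objects are assumed to carry
# TimeCreated, TargetUserName and SubjectUserName, e.g. projected from
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724 } on a DC.
function Find-PasswordResetBurst {
    param(
        [Parameter(Mandatory)] [object[]] $ResetEvent,
        [int] $Threshold     = 5,    # assumed tuning value: resets per window
        [int] $WindowSeconds = 60    # assumed tuning value
    )
    $ResetEvent | Group-Object TargetUserName | ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeCreated)
        $best = 0
        $start = 0
        # Sliding window: largest number of resets that fit inside $WindowSeconds
        for ($end = 0; $end -lt $sorted.Count; $end++) {
            while (($sorted[$end].TimeCreated - $sorted[$start].TimeCreated).TotalSeconds -gt $WindowSeconds) {
                $start++
            }
            $best = [Math]::Max($best, $end - $start + 1)
        }
        if ($best -ge $Threshold) {
            [pscustomobject]@{
                TargetUserName = $_.Name
                ResetsInWindow = $best
                ResetBy        = @($_.Group.SubjectUserName | Sort-Object -Unique) -join ','
            }
        }
    }
}

# Constructed sample data: 31 resets 100 ms apart (30 loop passes plus the final
# reset to the original password), and one ordinary helpdesk reset.
$t0 = Get-Date '2024-01-01T09:00:00'
$sample = @(
    0..30 | ForEach-Object {
        [pscustomobject]@{
            TimeCreated     = $t0.AddMilliseconds(100 * $_)
            TargetUserName  = 'svc-app'
            SubjectUserName = 'helpdesk1'
        }
    }
    [pscustomobject]@{
        TimeCreated     = $t0.AddMinutes(20)
        TargetUserName  = 'jdoe'
        SubjectUserName = 'helpdesk2'
    }
)

Find-PasswordResetBurst -ResetEvent $sample | Format-Table -AutoSize
```

With the sample above, only the account that was reset repeatedly is reported; the single helpdesk reset stays below the threshold.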
**Usage Examples**

Here are some usage examples of the script. To use this script, simply run it and enter the username and original password when prompted.

```
$ .\Password-Recycler.ps1
Enter Username to recycle: [username]
Enter Original Password: [password]
```

**Conclusion**

In conclusion, this PowerShell script provides a useful tool for recycling passwords in Active Directory. The script is easy to use and can be customized to fit your specific needs.