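We’ve created a PowerShell script which will reset the password of all users in a specific OU. As published, the Set-ADAccountPassword call carries the -WhatIf switch, so the script only previews what it would do; remove that switch once you are happy with the list of accounts.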

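I prefer to set a unique, strong password for each user. If you prefer a more ‘user friendly’ approach, simply remove the “Function” and set the $Password variable to something else. Keep in mind that a fixed value gives every account in the OU the same password, so it should only be used together with a forced password change at next logon.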

Let me know if you need any help adjusting it.

#	Reset Password for an OU - jocha.se
#

Import-Module ActiveDirectory

# Distinguished name of the OU whose users get a new password - change this to your own OU.
# It is passed as -SearchBase to Get-ADUser; with no -SearchScope given the search
# covers the whole subtree, so users in nested OUs are included as well.
$OU = 'ou=OfficeA,dc=DOMAIN,dc=LOCAL'

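Function Get-RandomPassword {
    <#
    .SYNOPSIS
        Returns a random 10-character password: 8 letters plus 2 digits/symbols.
    .DESCRIPTION
        Indexes are drawn from System.Security.Cryptography.RandomNumberGenerator
        instead of Get-Random. Get-Random is not documented as guaranteeing
        cryptographically secure output, and it becomes fully predictable when a
        seed was set earlier in the session with -SetSeed.
        The two digit/symbol characters are shuffled into random positions rather
        than always being the last two, so the password has no fixed layout.
    .OUTPUTS
        System.String
    #>
    $length = 8   # number of letters; raise this to match your password policy
    $characters = 'abcdefghkmnprstuvwxyzABCDEFGHKLMNPRSTUVWXYZ'
    $nonchar = '123456789!$%&?#'

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # Uniform index in [0, $max). Bytes at or above the largest multiple of
        # $max are rejected so the modulo does not favour the low indexes.
        $nextIndex = {
            param([int]$max)
            $buffer = New-Object byte[] 1
            $limit = 256 - (256 % $max)
            do { $rng.GetBytes($buffer) } while ($buffer[0] -ge $limit)
            return $buffer[0] % $max
        }

        $chars = New-Object 'System.Collections.Generic.List[char]'
        foreach ($n in 1..$length) {
            $chars.Add($characters[(& $nextIndex $characters.Length)])
        }
        foreach ($n in 1..2) {
            $chars.Add($nonchar[(& $nextIndex $nonchar.Length)])
        }

        # Fisher-Yates shuffle, driven by the same generator.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $nextIndex ($i + 1)
            $swap = $chars[$i]
            $chars[$i] = $chars[$j]
            $chars[$j] = $swap
        }

        # -join avoids depending on $OFS to concatenate without separators.
        return (-join $chars.ToArray())
    }
    finally {
        $rng.Dispose()
    }
}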

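# Collect every user object under $OU. DisplayName is not in Get-ADUser's default
# property set, so it must be requested with -Properties or it comes back empty.
# -Filter * also matches disabled and service accounts that live in the OU;
# narrow the filter if those must be left alone.
$Users = Get-ADUser -Filter * -SearchBase $OU -Properties DisplayName |
    Select-Object DisplayName, SamAccountName

ForEach ($User in $Users) {
    $Username = $User.SamAccountName
    $DisplayName = $User.DisplayName
    $Password = Get-RandomPassword

    # The new password is shown in clear text so it can be handed to the user.
    # Anything that records console output (Start-Transcript, transcription
    # policy, a redirected host) will capture it, so run this from a trusted
    # admin session and treat the output as sensitive.
    Write-Host $DisplayName / $Username / $Password

    $SecurePassword = ConvertTo-SecureString -AsPlainText $Password -Force

    # -Reset performs an administrative reset; without it the cmdlet performs a
    # password *change* and asks for the old password of every account.
    # -WhatIf keeps this a dry run: remove it to actually apply the reset.
    # Consider following the reset with
    #   Set-ADUser -Identity $Username -ChangePasswordAtLogon $true
    # so the value printed above is only valid until the user's first logon.
    Set-ADAccountPassword -Identity $Username -Reset -NewPassword $SecurePassword -WhatIf
}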