there!
I am new to Powershell and I need some help with this script.
I have just began to work helping our sysadmin with some tasks inside a Windows Server 2008 R2 AD Domain environment. I am trying to write a simple PowerShell script that allow the user to reset her own expired passwords, but it isn't working. This is the script:
$usuario = Read-Host "Introduzca el nombre de usuario";
$antigua = Read-Host "Introduzca la contraseƱa antigua" -AsSecureString;
$nueva = Read-Host "Introduzca la nueva contraseƱa" -AsSecureString;
Set-ADAccountPassword $usuario -Credential $usuario -OldPassword $antigua -NewPassword $nueva -Reset -Server <<ADServerName>>;
After execution, I get the following result:
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : PermissionDenied: ({user}:ADAccount) [Set-ADAccountPassword], UnauthorizedAccessException
- FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.UnauthorizedAccessException,Microsoft.ActiveDirectory.Management
.Commands.SetADAccountPassword
The user trying to reset her own password has no kind of admin permissions.
I don't know what is wrong with this, but I am sure that I am bypassing some PowerShell and/or AD fundamentals.
Thanks in advance for the help.
Enrique
Best Answer
The script is now working, with two little modifications: