Bulk Password Reset of Microsoft 365 Users using PowerShell

In a Microsoft Office 365 environment, helpdesk admins (or Password administrators) receive frequent requests to reset passwords for newly onboarded users or users who forgot their password. In this post, we will explore how to reset passwords for Azure AD user accounts in bulk using PowerShell.

Before you start, install the latest Azure AD PowerShell V2 module, and run the following command to connect the module to Azure AD.

Connect-AzureAD

Set password for a single Microsoft 365 user account

We can use the Set-AzureADUserPassword cmdlet to set the password for a user in Azure Active Directory. Run the following command to set a new password for a single Office 365 user.

#Convert the password to a secure string 
$NewPassword = ConvertTo-SecureString "p#ssw@rd123" -AsPlainText -Force
#Set the new password
Set-AzureADUserPassword -ObjectId "[email protected]" -Password $NewPassword

If you are setting a one-time password for your user, set the -ForceChangePasswordNextLogin parameter to $True. This forces the user to change their password at their next login.

#Convert the password to a secure string 
$NewPassword = ConvertTo-SecureString "p#ssw@rd123" -AsPlainText -Force
#Set the new password and set force change password at next login flag
Set-AzureADUserPassword -ObjectId "[email protected]" -Password $NewPassword -ForceChangePasswordNextLogin $True

You need to provide a strong password that complies with the complexity requirements of your password policy. Otherwise, you will get the error message below.

Set-AzureADUserPassword : Error occurred while executing SetUser Code: Request_BadRequest
Message: The specified password does not comply with password complexity requirements. Please provide a different password.

Set password for bulk Microsoft 365 users by importing details from CSV

To set a temporary password for users in bulk, we can keep the required user details (UPN and Password) in a CSV file. Consider the CSV file “AzureADUsersPwd.csv”, which holds the user details in each row with the column headers UserPrincipalName and Password.

The following script imports the user details from the CSV file and sets the password value in Azure AD for users one by one.

#Read user details from the CSV file (@() keeps .Count correct for a single-row file)
$CSVRecords = @(Import-CSV "C:\Temp\AzureADUsersPwd.csv")
$i = 0
$TotalRecords = $CSVRecords.Count

#Array to add the status result
$UpdateResult = @()

#Iterate users one by one and set the password
Foreach ($CSVRecord in $CSVRecords)
{
    $UserId = $CSVRecord.'UserPrincipalName'
    #Convert the password to a secure string
    $NewPassword = ConvertTo-SecureString $CSVRecord.'Password' -AsPlainText -Force

    $i++
    Write-Progress -Activity "Processing $UserId" -Status "$i out of $TotalRecords users completed"

    try
    {
        #Set the password value and set force change password at next login flag
        #-ErrorAction Stop makes sure any failure reaches the catch block
        Set-AzureADUserPassword -ObjectId $UserId -Password $NewPassword -ForceChangePasswordNextLogin $True -ErrorAction Stop
        $ResetStatus = "Success"
    }
    catch
    {
        $ResetStatus = "Failed: $_"
    }

    #Add reset password status
    $UpdateResult += New-Object PSObject -Property $([ordered]@{
        User = $UserId
        ResetPasswordStatus = $ResetStatus
    })
}

#Display the reset password status result
$UpdateResult | Select-Object User, ResetPasswordStatus | Format-Table

#Export the reset password status report to a CSV file
#$UpdateResult | Export-CSV "C:\Temp\ResetPasswordStatus.CSV" -NoTypeInformation -Encoding UTF8

Generate a random password and reset it for bulk Office 365 users

Sometimes, we need to generate a random password and set it for the Azure AD user. In this case, we can keep only the UPN of the required users in a CSV file. Consider the CSV file “AzureADUsers.csv”, which holds the user IDs in each row with the column header UserPrincipalName.

The following script imports the user IDs from the CSV file, creates a random password for each user, and sets it for the users one by one. Finally, it exports the new passwords and the reset password status report to a CSV file.

#Read user ids from the CSV file (@() keeps .Count correct for a single-row file)
$CSVRecords = @(Import-CSV "C:\Temp\AzureADUsers.csv")
$i = 0
$TotalRecords = $CSVRecords.Count

#Array to add the status result
$UpdateResult = @()

#Iterate users one by one and set a random password
Foreach ($CSVRecord in $CSVRecords)
{
    $UserId = $CSVRecord.'UserPrincipalName'

    $i++
    Write-Progress -Activity "Processing $UserId" -Status "$i out of $TotalRecords users completed"

    #Generate a random password
    $random_password = ''
    $random_password += ("ABCEFGHJKLMNPQRSTUVWXYZ".ToCharArray() | Get-Random -Count 4) -join ''
    $random_password += ("@#%&*?![\]^".ToCharArray() | Get-Random -Count 2) -join ''
    $random_password += ("abcdefghijkmnopqrstuvwxyz".ToCharArray() | Get-Random -Count 4) -join ''
    $random_password += ("123456789".ToCharArray() | Get-Random -Count 2) -join ''

    #Convert the random password to a secure string
    $NewPassword = ConvertTo-SecureString $random_password -AsPlainText -Force

    try
    {
        #Set the random password value
        #-ErrorAction Stop makes sure any failure reaches the catch block
        Set-AzureADUserPassword -ObjectId $UserId -Password $NewPassword -ForceChangePasswordNextLogin $True -ErrorAction Stop
        $ResetStatus = "Success"
    }
    catch
    {
        $ResetStatus = "Failed: $_"
    }

    #Add reset password status
    $UpdateResult += New-Object PSObject -Property $([ordered]@{
        User = $UserId
        NewPassword = $random_password
        ResetPasswordStatus = $ResetStatus
    })
}

#Display the reset password status result
$UpdateResult | Select-Object User, NewPassword, ResetPasswordStatus | Format-Table

#Export the reset password status report to a CSV file
$UpdateResult | Export-CSV "C:\Temp\BulkResetRandomPwdStatus.CSV" -NoTypeInformation -Encoding UTF8