Curly Blue and the meaning of scripting – Part 5


Summary: Curly Blue learns the true meaning of scripting in PowerShell.

When we last saw our hero, Curly Blue, he had discovered not only the ease of use of PowerShell but also the vast community resources provided by GitHub.

Because of this one reason alone, his co-workers, Loopy and Codestock, had no need to fret over the upcoming holiday weekend. Their task was solved in a quick and cost-effective manner.

Curly sat down to reflect upon his past 24 hours of “intensive PowerShell training” with his co-workers.

“At first I came in and was apprehensive about scripting. I personally didn’t find it useful due to my unusual set of skills. Because I could do everything so quickly by using keyboard shortcuts and fast typing for data entry, the need didn’t come up before.”

“However,” Linux pointed out, “your skills, although strong, didn’t easily scale. This is where automation came into play.”

Curly nodded. “And, as Azura showed me, there were many tools in Windows that I could use to get good working examples of Windows PowerShell from the GUI itself!”

Hermie nodded emphatically to this last one. “I’m surprised each day just how much of my work I can replicate in PowerShell thanks to that one feature alone! I used those sample cmdlets to build a New User script the other day!”

“I thought you said onboarding a new user was a one hour task,” Linux looked quizzically over at Hermie.

“Er … well yes…. It used to be,” he shyly acknowledged. “I spent that last hour figuring out how to turn the cmdlets from the Active Directory Administrative Console (ADAC) into a simple script. Now it’s a no brainer!”

“Don’t forget about the Common Information Model (CIM) cmdlets and the massive wealth of inventory information they hold as well!” she chimed in. “The serial number was just scratching the surface, as you can pull free drive space and physical RAM configurations from workstations in a very similar manner.”

Curly sat there just imagining how much he could do with PowerShell in this way, never needing to run to a system, especially remote systems in distant geographic locations.

“And also, thanks to that PowerShell script that you found on GitHub, we all get to go home early tonight!” squeaked out Loopy and Codestock in a sound so shrill everyone in the room just winced!

The whole team smiled, realizing the mid-afternoon had barely started, when Linux noted something critical. “I think the boss already left for the weekend. Shall we invoke the ‘Tail Light Rule’?”

With a thundering of footsteps, you would have thought somebody said that tonight was ‘Free PowerShell sticker’ night at a user group. They had all disappeared for that holiday weekend with their families.

Epilogue

The long holiday weekend had ended. As the newest person in the IT Department, Curly was tasked with that most daunting of tasks. He had to unlock every user who had forgotten his or her own password in Active Directory after a long restful weekend.

It appears some people got a bit too restful.

Curly immediately opened the ADAC, reset the password for one account, and was ready for a long morning of headaches. He then remembered the trick he had been shown to see how it was done in PowerShell. He noted the lines that ran in the PowerShell window of ADAC.

Set-ADAccountPassword -Identity:"CN=Ernest DeRoche,OU=Users,DC=CONTOSO,DC=COM" -NewPassword:"System.Security.SecureString" -Reset:$true -Server:"ContosoDC01.Contoso.Com"

Set-ADUser -ChangePasswordAtLogon:$true -Identity:"CN=Ernest DeRoche,OU=Users,DC=CONTOSO,DC=COM" -Server:"ContosoDC01.Contoso.Com"

He quickly pinged Linux to get a little help, having learned a long time ago that when you work as a team you can perform tasks quickly. He set up a quick Skype for Business session to show the sample he got from ADAC.

“So, you’d like to reset a batch of users with a temporary password for the morning? No problem at all. First, we need to set a default password for the morning.”

$Password='T00muchCh33r'

$SecurePassword=ConvertTo-SecureString -AsPlainText -Force $Password

“Next we’ll need a list of those locked-out accounts.”

Linux showed him a line in PowerShell to get a list of locked-out accounts in Active Directory.

$Locked=Search-ADAccount -LockedOut

“We can take this list and step through it with a Foreach statement in PowerShell like this,” Linux said as he typed the example in the chat window.

Foreach ( $User in $Locked )
{
    $User
}

“I can now take your sample code and paste it into the PowerShell loop.”

$Password='T00muchCh33r'
$SecurePassword=ConvertTo-SecureString -AsPlainText -Force $Password
$Locked=Search-ADAccount -LockedOut
Foreach ( $User in $Locked )
{
    # Still the hard-coded sample lines from ADAC; the identity and password are swapped in next
    Set-ADAccountPassword -Identity:"CN=Ernest DeRoche,OU=Users,DC=CONTOSO,DC=COM" -NewPassword:"System.Security.SecureString" -Reset:$true -Server:"ContosoDC01.Contoso.Com"
    Set-ADUser -ChangePasswordAtLogon:$true -Identity:"CN=Ernest DeRoche,OU=Users,DC=CONTOSO,DC=COM" -Server:"ContosoDC01.Contoso.Com"
}

“We then replace the stuff after -identity with a reference to the user’s identity, which appears to be the DistinguishedName in Active Directory. We’ll also insert the PowerShell object for $SecurePassword after Password.”

# Temporary password, converted to the SecureString that -NewPassword expects
$Password='T00muchCh33r'
$SecurePassword=ConvertTo-SecureString -AsPlainText -Force $Password
# All accounts currently locked out in Active Directory
$Locked=Search-ADAccount -LockedOut
Foreach ( $User in $Locked )
{
    # Reset the password, then force a change at the next logon
    Set-ADAccountPassword -Identity:$User.DistinguishedName -NewPassword:$SecurePassword -Reset:$true -Server:"ContosoDC01.Contoso.Com"
    Set-ADUser -ChangePasswordAtLogon:$true -Identity:$User.DistinguishedName -Server:"ContosoDC01.Contoso.Com"
}

Curly ran the new script that he had created thanks to the assistance of his buddy, Linux. Within moments, the only thing he had to do was smile and communicate the new temporary password to the locked-out staff.

He had truly discovered the true meaning of scripting!
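A variant of the finished script, added here as an example and not part of the original post: it gives every locked-out account its own random temporary password, so one disclosed value does not open every reset account, and it clears the lockout explicitly with Unlock-ADAccount. The helper names Get-RandomIndex and New-TempPassword, the character sets, and the 16-character length are assumptions.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$Server = 'ContosoDC01.Contoso.Com'   # domain controller name taken from the post
$Rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()

function Get-RandomIndex([int]$Max) {
    # Hypothetical helper: index in [0, $Max) drawn from the OS CSPRNG.
    # Modulo bias is negligible here (2^32 values over a small range).
    $bytes = New-Object byte[] 4
    $Rng.GetBytes($bytes)
    return [int]([System.BitConverter]::ToUInt32($bytes, 0) % $Max)
}

function New-TempPassword([int]$Length = 16) {
    # Hypothetical helper: one character from each class so a typical complexity
    # policy is satisfied, the rest from the combined set, then shuffled.
    # Look-alike characters (0/O, 1/l/I) are left out because people retype these.
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%+=?@'
    $all     = -join $classes
    $chars   = New-Object System.Collections.Generic.List[char]
    foreach ($c in $classes) { $chars.Add($c[(Get-RandomIndex $c.Length)]) }
    while ($chars.Count -lt $Length) { $chars.Add($all[(Get-RandomIndex $all.Length)]) }
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {      # Fisher-Yates shuffle
        $j = Get-RandomIndex ($i + 1)
        $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
    }
    return (-join $chars)
}

$Results = foreach ($User in Search-ADAccount -LockedOut -UsersOnly -Server $Server) {
    $Plain  = New-TempPassword
    $Secure = ConvertTo-SecureString -String $Plain -AsPlainText -Force

    Set-ADAccountPassword -Identity $User.DistinguishedName -NewPassword $Secure -Reset -Server $Server
    Set-ADUser -Identity $User.DistinguishedName -ChangePasswordAtLogon $true -Server $Server
    Unlock-ADAccount -Identity $User.DistinguishedName -Server $Server

    # One row per account so each person receives only their own value
    [pscustomobject]@{ SamAccountName = $User.SamAccountName; TempPassword = $Plain }
}

# Hand each value to its owner out of band; keep this out of transcripts and log files.
$Results
```

Reviewing the output of Search-ADAccount -LockedOut before running the loop shows whether the list contains accounts nobody reported as locked, which is worth checking before they are reset.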

Happy Holidays to everyone from Hey, Scripting Guy! We hope you and yours enjoy the time with your loved ones.

I invite you to follow the Scripting Guys on Twitter and Facebook. If you have any questions, send email to them at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow.

Until then, always remember that with Great PowerShell comes Great Responsibility.

Sean Kearney
Honorary Scripting Guy
Cloud and Datacenter Management MVP
