UB-Lockdown-Scripts/ADpasswordSetting at main · mudkipmaster/UB-Lockdown-Scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# Define variables
$OutputFile = "C:\TeamX_UserPasswords.txt"  # Replace X with your team number
$Domain = "YOURDOMAIN.local"               # Replace with your AD domain
$ExcludeUsers = @("dd-agent", "whiteteam", "blackteam", "grayteam", "datadog") # Excluded accounts

# Function to generate predetermined passwords
function Generate-PasswordList {
    param (
        [string]$OutputFile,
        [int]$PasswordLength = 16
    )

    # Import Active Directory module
    Import-Module ActiveDirectory

    # Get all users in the domain (limit to your team's OU)
    $users = Get-ADUser -Filter * -SearchBase "OU=YourTeamOU,DC=YOURDOMAIN,DC=local" -Properties *

    $passwordList = @()

    foreach ($user in $users) {
        if ($user.SamAccountName -notin $ExcludeUsers) {
            # Generate a random password for each user
            $newPassword = [System.Web.Security.Membership]::GeneratePassword($PasswordLength, 3)

            # Save the username-password pair
            $passwordList += @{
                Username = $user.SamAccountName
                Password = $newPassword
            }
        }
    }

    # Export the password list to the file
    $passwordList | Export-Csv -Path $OutputFile -NoTypeInformation -Encoding UTF8
    Write-Host "Password list generated and saved to $OutputFile" -ForegroundColor Green
}

# Function to set passwords for users using the generated password list
function Set-PasswordsFromList {
    param (
        [string]$PasswordFile
    )

    # Check if the file exists
    if (-Not (Test-Path $PasswordFile)) {
        Write-Host "Password file not found: $PasswordFile" -ForegroundColor Red
        return
    }

    # Import the password list
    $passwordList = Import-Csv -Path $PasswordFile

    # Import Active Directory module
    Import-Module ActiveDirectory

    foreach ($entry in $passwordList) {
        $username = $entry.Username
        $password = $entry.Password

        try {
            # Set the new password for the user
            Set-ADAccountPassword -Identity $username -NewPassword (ConvertTo-SecureString -AsPlainText $password -Force) -Reset
            Write-Host "Password updated for user $username" -ForegroundColor Green
        } catch {
            Write-Host "Failed to update password for $username: $_" -ForegroundColor Red
        }
    }
    Write-Host "All passwords have been updated based on the list." -ForegroundColor Cyan
}

# Main menu
Write-Host "Choose an action:" -ForegroundColor Yellow
Write-Host "1. Generate Password List"
Write-Host "2. Set Passwords from List"
$choice = Read-Host "Enter your choice (1 or 2)"

switch ($choice) {
    1 {
        # Generate password list
        Generate-PasswordList -OutputFile $OutputFile
    }
    2 {
        # Set passwords from the existing list
        Set-PasswordsFromList -PasswordFile $OutputFile
    }
    default {
        Write-Host "Invalid choice. Exiting." -ForegroundColor Red
    }
}