PowerShell e Active Directory: Reset password e gestione account

Set-ADAccountPassword -Identity "mario.rossi" `
    -NewPassword (ConvertTo-SecureString "NuovaP@ss1!" -AsPlainText -Force) `
    -Reset

Set-ADAccountPassword -Identity "mario.rossi" `
    -NewPassword (ConvertTo-SecureString "NuovaP@ss1!" -AsPlainText -Force) `
    -Reset

Set-ADUser -Identity "mario.rossi" -ChangePasswordAtLogon $true

Set-ADUser -Identity "mario.rossi" -ChangePasswordAtLogon $true

Unlock-ADAccount -Identity "mario.rossi"

Unlock-ADAccount -Identity "mario.rossi"

Get-ADUser -Identity "mario.rossi" -Properties LockedOut, BadLogonCount, LastBadPasswordAttempt |
    Select-Object Name, LockedOut, BadLogonCount, LastBadPasswordAttempt

Get-ADUser -Identity "mario.rossi" -Properties LockedOut, BadLogonCount, LastBadPasswordAttempt |
    Select-Object Name, LockedOut, BadLogonCount, LastBadPasswordAttempt

Search-ADAccount -LockedOut | Select-Object Name, SamAccountName, LastLogonDate

Search-ADAccount -LockedOut | Select-Object Name, SamAccountName, LastLogonDate

# Impostare una data di scadenza
Set-ADAccountExpiration -Identity "mario.rossi" -DateTime "2026-12-31"

# Rimuovere la scadenza (account senza scadenza)
Clear-ADAccountExpiration -Identity "mario.rossi"

# Verificare la scadenza
Get-ADUser -Identity "mario.rossi" -Properties AccountExpirationDate |
    Select-Object Name, AccountExpirationDate

# Impostare una data di scadenza
Set-ADAccountExpiration -Identity "mario.rossi" -DateTime "2026-12-31"

# Rimuovere la scadenza (account senza scadenza)
Clear-ADAccountExpiration -Identity "mario.rossi"

# Verificare la scadenza
Get-ADUser -Identity "mario.rossi" -Properties AccountExpirationDate |
    Select-Object Name, AccountExpirationDate

Search-ADAccount -PasswordExpired | Select-Object Name, SamAccountName, PasswordExpired

Search-ADAccount -PasswordExpired | Select-Object Name, SamAccountName, PasswordExpired

$giorni = 7
Search-ADAccount -AccountExpiring -TimeSpan (New-TimeSpan -Days $giorni) |
    Select-Object Name, SamAccountName, AccountExpirationDate

$giorni = 7
Search-ADAccount -AccountExpiring -TimeSpan (New-TimeSpan -Days $giorni) |
    Select-Object Name, SamAccountName, AccountExpirationDate

$utente = "mario.rossi"

# 1. Verificare lo stato dell'account
Get-ADUser -Identity $utente -Properties LockedOut, BadLogonCount |
    Select-Object Name, LockedOut, BadLogonCount

# 2. Sbloccare l'account
Unlock-ADAccount -Identity $utente

# 3. Impostare una password temporanea
Set-ADAccountPassword -Identity $utente `
    -NewPassword (ConvertTo-SecureString "Temp@1234!" -AsPlainText -Force) `
    -Reset

# 4. Forzare il cambio password al prossimo accesso
Set-ADUser -Identity $utente -ChangePasswordAtLogon $true

# 5. Verifica finale
Get-ADUser -Identity $utente -Properties LockedOut, PasswordExpired, ChangePasswordAtLogon |
    Select-Object Name, LockedOut, PasswordExpired, ChangePasswordAtLogon

$utente = "mario.rossi"

# 1. Verificare lo stato dell'account
Get-ADUser -Identity $utente -Properties LockedOut, BadLogonCount |
    Select-Object Name, LockedOut, BadLogonCount

# 2. Sbloccare l'account
Unlock-ADAccount -Identity $utente

# 3. Impostare una password temporanea
Set-ADAccountPassword -Identity $utente `
    -NewPassword (ConvertTo-SecureString "Temp@1234!" -AsPlainText -Force) `
    -Reset

# 4. Forzare il cambio password al prossimo accesso
Set-ADUser -Identity $utente -ChangePasswordAtLogon $true

# 5. Verifica finale
Get-ADUser -Identity $utente -Properties LockedOut, PasswordExpired, ChangePasswordAtLogon |
    Select-Object Name, LockedOut, PasswordExpired, ChangePasswordAtLogon

Name        LockedOut PasswordExpired ChangePasswordAtLogon
----        --------- --------------- ---------------------
Mario Rossi     False           False                  True

Name        LockedOut PasswordExpired ChangePasswordAtLogon
----        --------- --------------- ---------------------
Mario Rossi     False           False                  True