How do I bulk reset passwords for all users in an OU?
Much easier than that. Install the (depending on your flavour of your workstation OS) Remote Server Administration Tools so you get the AD DS tools. Don't forget to go into your Windows Features in Control Panel to enable the correct toolsets.
Once you've done that, the following command will achieve your desired result:
DSQUERY user "OU=myOU,OU=myUsers,DC=myDomain,DC=loc" -limit 0 | DSMOD user -pwd <insert new password here>
~ Replace "OU=myOU,OU=myUsers,DC=myDomain,DC=loc" with the distinguishedName of the OU containing the users to be changed
I just want to throw this out there and say this is a horrible idea. If the need to change 10K user passwords is present, a bulk reset should not be part of the process. At best, simply forcing a change next time a user logs on would prevent the gigantic security hole you are opening.
Here's a PowerShell variant to add to the mix. Run this from the Active Directory Modules for Windows Powershell. Note that the password must meet any requirements (length, complexity etc) specified by domain policy.
Things you'll need to change in this are the -SearchBase
parameter and the -NewPassword
parameter.
Use Import-Module ActiveDirectory
to add the Active Directory Modules into the default PowerShell.
Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=Department,OU=Users,DC=corp,DC=acme-widgets,DC=local" | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "New Password Here" -Force)
To see what users this will affect before you run the command above, issue this command to give you a list of affected accounts.
Get-ADUser -Filter * -SearchScope Subtree -SearchBase "OU=Reset Pwd 2,OU=Reset PWD 1,DC=corp,DC=acme-widgets,DC=local" | Ft Name