Creating an Active Directory Self Service Password Reset Form in PowerShell Universal

July 23, 2024

In this post, we’ll walk through how to create an Active Directory Self Service Password Reset Form in PowerShell Universal. There are several ways to achieve this. We’ll first look at using a plain script, then at creating a form in an app that calls the script, and finally at how to achieve this in PowerShell Universal v5 with Portal Widgets.

Active Directory Password Reset Script

The first task we need to complete is to use the Set-ADAccountPassword cmdlet to reset the password. This cmdlet is available in the ActiveDirectory module. PowerShell Universal will need to have access to Active Directory in order to run this script. You can also set up Run As credentials so that the script runs under another account.

Our script will accept the password and a confirmation password to ensure they match. We’ll use the current user’s identity to decide which account to reset. By typing the parameters as SecureString we ensure that the UI will render them as password fields. The Parameter attribute’s Mandatory property ensures that the user provides the required parameters, and its HelpMessage property provides a description of the parameter when the user hovers over it in the form. The $UAJob variable is a built-in variable that contains information about the current job, including the identity of the user who ran it.

#Requires -Modules ActiveDirectory
# ConvertFrom-SecureString -AsPlainText requires PowerShell 7 or later.
param(
    [Parameter(Mandatory)]
    [SecureString]$Password,
    [Parameter(Mandatory, HelpMessage = "Confirm New User Password")]
    [SecureString]$ConfirmPassword
)

# The parameters are type-constrained to [SecureString], so assigning the
# plain-text copies back to $Password/$ConfirmPassword would fail. Use new variables.
$PlainPassword = ConvertFrom-SecureString -SecureString $Password -AsPlainText
$PlainConfirmPassword = ConvertFrom-SecureString -SecureString $ConfirmPassword -AsPlainText

# -cne is case-sensitive; the default -ne would treat 'Passw0rd' and 'passw0rd' as a match.
if ($PlainPassword -cne $PlainConfirmPassword) {
    throw 'Passwords do not match'
}

# $Password is still a SecureString, which is what -NewPassword expects.
# -Reset sets the new password without requiring the old one.
Set-ADAccountPassword -Identity $UAJob.Identity.Name -NewPassword $Password -Reset

To create a script in PowerShell Universal, click Automation \ Scripts and then click Create New Script. You can then paste the script into the editor. Once you’ve done so, you can try to run the script. It will display a dialog with the parameters that you need to provide.

If you run the script with mismatched passwords, you’ll see an error message.

There are a couple of downsides to this approach. First, the password check runs only after the form has been submitted and the script has started. This means that the user will have to re-enter both passwords if they don’t match. Second, the user will need to use the admin console to run the script. This can be a bit cumbersome for non-technical users. In our next section, we’ll look at how to create a form in an app to make this process easier.
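The script above compares the two passwords as plain-text strings, which leaves extra copies in memory and, with the default -ne operator, ignores case. As an added example (not code from the original post or from PowerShell Universal), the following helper compares the two SecureString parameters in place and case-sensitively, releasing the unmanaged copies afterwards; it assumes the same $Password and $ConfirmPassword parameters as the script.

```powershell
function Compare-SecurePassword {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)] [SecureString]$Password,
        [Parameter(Mandatory)] [SecureString]$ConfirmPassword
    )
    # Different lengths can never match; avoids touching the contents at all.
    if ($Password.Length -ne $ConfirmPassword.Length) { return $false }

    $p = [IntPtr]::Zero
    $c = [IntPtr]::Zero
    try {
        # Decrypt into unmanaged BSTRs so no managed string copy is created.
        $p = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
        $c = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($ConfirmPassword)
        $equal = $true
        for ($i = 0; $i -lt $Password.Length; $i++) {
            # Compare UTF-16 code units, so case differences are detected
            # (unlike the case-insensitive -ne used on plain strings).
            $a = [System.Runtime.InteropServices.Marshal]::ReadInt16($p, $i * 2)
            $b = [System.Runtime.InteropServices.Marshal]::ReadInt16($c, $i * 2)
            if ($a -ne $b) { $equal = $false }   # keep looping; no early exit
        }
        return $equal
    }
    finally {
        # Zero and free the unmanaged copies even if an exception occurred.
        if ($p -ne [IntPtr]::Zero) { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($p) }
        if ($c -ne [IntPtr]::Zero) { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($c) }
    }
}

# Constructed sample values, not from Active Directory.
$first  = ConvertTo-SecureString 'Passw0rd!' -AsPlainText -Force
$second = ConvertTo-SecureString 'passw0rd!' -AsPlainText -Force

# In the reset script this replaces the plain-text -ne check:
if (-not (Compare-SecurePassword -Password $first -ConfirmPassword $second)) {
    throw 'Passwords do not match'   # thrown here; 'Passw0rd!' -ne 'passw0rd!' would not catch it
}
```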

Active Directory Password Reset Form in a Universal App

To create a form in an app, click on User Interfaces, Apps and then Create New App (in version v5, it will be under the Apps node). Once the app is created, you will need to define the form and call Invoke-PSUScript to run the script.

New-UDApp -Title 'Active Directory Self Service Password Reset' -Content {
    New-UDForm -Content {
        # -Type password masks the input in the browser.
        New-UDTextbox -Type password -Id Password -Label 'Password'
        New-UDTextbox -Type password -Id ConfirmPassword -Label 'Confirm Password'
    } -OnSubmit {
        # $EventData holds the submitted values keyed by each control's -Id.
        $Password = $EventData.Password
        $ConfirmPassword = $EventData.ConfirmPassword

        # -cne is case-sensitive; the default -ne would accept a mismatch in case.
        if ($Password -cne $ConfirmPassword) {
            Show-UDToast -Message 'Passwords do not match' -Duration 4000 -Position topLeft -BackgroundColor red -MessageColor white
            return
        }

        # Run the script created in the previous section and wait for it to finish.
        Invoke-PSUScript -Name 'ResetPassword.ps1' -Parameters @{
            Password = $Password
            ConfirmPassword = $ConfirmPassword
        } -Wait

        Show-UDToast -Message 'Password Reset' -Duration 4000 -Position topLeft -BackgroundColor green -MessageColor white
    }
}

This form will display two password fields. When the form is submitted, it will check whether the passwords match. If they do, it will call the ResetPassword.ps1 script. If they don’t, it will display a toast message instead.

As you can see, the form is very simple and straightforward. You can also assign role-based access to the app to ensure that only certain users can access the form. The one downside is the need to define the app yourself. It does provide the most flexibility, however.

PowerShell Universal v5 Portal Widget

PowerShell Universal v5 provides a Portal Widget for this very purpose. You don’t need to write any code to create the form. You can simply drag and drop the widget onto the Portal Page and configure some settings.