THIS PAGE IS OBSOLETE - PLEASE VISIT http://psma.codeplex.com for latest version
This script is called on password changes and sets received from Password Change Notification Service (PCNS). If you do not use this, you should specify the path to an empty script (the script must exist).
The password change script is called once for each user who changes their password or has it reset. If the password change/set is unsuccessful, the script should throw an error, e.g. throw "Failed". This error will be logged in the event log.
Below is a sample of a script that is called for password changes and sets:
param
(
    $Username,
    $Password,
    $Credentials,
    $Action, # will be set to either 'Set' or 'Change'
    $OldPassword,
    $NewPassword,
    [switch] $UnlockAccount,
    [switch] $ForceChangeAtLogOn,
    [switch] $ValidatePassword
)
BEGIN
{
}
PROCESS
{
    # grab the sAMAccountName value for use with this
    # strange system, that we are sync'in passwords
    # with using this MA
    $AccountName = $_["samaccountname"].Value

    # NOTE: the lines below write the old and new passwords to disk in
    # clear text; they only show which values the script receives
    "Action: $Action" | Out-File "C:\Temp\_Options.txt"
    "Old pwd: $OldPassword" | Out-File "C:\Temp\_Options.txt" -Append
    "New pwd: $NewPassword" | Out-File "C:\Temp\_Options.txt" -Append
    "Unlock: $UnlockAccount" | Out-File "C:\Temp\_Options.txt" -Append
    "Force change: $ForceChangeAtLogOn" | Out-File "C:\Temp\_Options.txt" -Append
    "Validate: $ValidatePassword" | Out-File "C:\Temp\_Options.txt" -Append
    "$AccountName - $NewPassword" | Out-File "C:\Temp\_PasswordSets.txt"

    # just throw an exception if the password set/change is unsuccessful
}
END
{
}
The $_ object passed in the pipeline for this script is of type CSEntry, and you should use this object to get attribute values for the object that should have its password changed/set.
The 'Action' parameter allows you to act on either a password reset or a password change accordingly. If it is a password reset, you should not receive a value in the parameter 'OldPassword'.
There are a few parameters that are controlled through the FIM Synchronization Manager, and the configuration is passed to the script:
- If the $UnlockAccount switch is true, an account unlock should be performed by the script.
- If the $ForceChangeAtLogOn switch is true, the script should configure the account to change its password at next logon (if possible).
- If the $ValidatePassword switch is set, the script should validate that the password is set correctly, if possible.
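The following is an added example, not the project's own sample. It honours 'Action' and the three switches as described above, throws on failure, and logs only the outcome, never the password values. It assumes the target system is an Active Directory domain managed with the ActiveDirectory module and that passwords arrive as plain strings; the server name 'dc01.target.example' and the log path are placeholders.

```powershell
# Added example. Assumed: AD target, plain-string passwords, placeholder server and log path.
param
(
    $Username, $Password, $Credentials,
    $Action,                      # 'Set' or 'Change'
    $OldPassword, $NewPassword,
    [switch] $UnlockAccount,
    [switch] $ForceChangeAtLogOn,
    [switch] $ValidatePassword
)
BEGIN
{
    Import-Module ActiveDirectory -ErrorAction Stop
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $Server = 'dc01.target.example'            # placeholder
    $Log    = 'C:\Temp\_PasswordEvents.log'    # placeholder
}
PROCESS
{
    # Read the CSEntry first: inside catch{} $_ is the error record instead.
    $AccountName = $_["samaccountname"].Value
    $Target = @{ Identity = $AccountName; Server = $Server; ErrorAction = 'Stop' }
    try
    {
        if ([string]::IsNullOrEmpty($NewPassword)) { throw "no new password supplied" }
        $New = ConvertTo-SecureString $NewPassword -AsPlainText -Force
        if ($Action -eq 'Change')
        {
            if ([string]::IsNullOrEmpty($OldPassword)) { throw "change without old password" }
            $Old = ConvertTo-SecureString $OldPassword -AsPlainText -Force
            Set-ADAccountPassword @Target -OldPassword $Old -NewPassword $New
        }
        else { Set-ADAccountPassword @Target -Reset -NewPassword $New }
        if ($UnlockAccount) { Unlock-ADAccount @Target }
        if ($ValidatePassword)
        {   # Test the new password before a must-change flag can block the logon.
            $Type = [System.DirectoryServices.AccountManagement.ContextType]::Domain
            $Ctx  = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($Type, $Server)
            if (-not $Ctx.ValidateCredentials($AccountName, $NewPassword)) { throw "validation failed" }
        }
        if ($ForceChangeAtLogOn) { Set-ADUser @Target -ChangePasswordAtLogon $true }
        "{0:o} OK {1} {2}" -f (Get-Date), $Action, $AccountName | Out-File $Log -Append
    }
    catch
    {   # Record the outcome only; password values never reach the log.
        "{0:o} FAILED {1} {2}: {3}" -f (Get-Date), $Action, $AccountName, $_.Exception.Message | Out-File $Log -Append
        throw "Failed"
    }
}
```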