A common task for service desk is to reset an end-user password. A common scenario is that the operator has to fill in an incident form, start Active Directory Users and Computers console, find the user, reset the password, notify the password over the phone or send it in a e-mail to the end-user. There are a lot of steps; the operator sees the password and it is not good practise to give out passwords over the phone. In this post I will show you one solution to this issue. I will use a vbscript, a powershell script and the updated version of Patrik’s cmdlets for Service Manager.
The first script, resetpassword.vbs1, will ask the operator for a username and an e-mail address. The username is the user that needs a new password. The e-mail address is the mailbox that will receive the new e-mail. This could be a colleague e-mail address or a private e-mail address of the affected user.
The second script, password.ps1, is a powershell script that will create a closed incident for this task. This script is started by the vbscript resetpassword.vbs. For many service desks it is important to track all calls, and with this powershell script a new incident will be created and closed in the background.
You need to create a task in the console. This task will be used to trigger resetpassword.vbs. Create the task with the following settings:
- Task Name: Contoso – Reset Password
- Description: A task to quick reset a password
- Target class: Incident
- Management Pack: for example Service Manager Incident Management Configuration Library
- Categories: Incident Support Groups Folder Tasks
- Command Line – path: C:\windows\system32\cscript.exe
- Command Line – parameters: C:\scripts\resetpassword.vbs
- Command Line – Working directory: %windir%\system32
- uncheck, log in action log when this task is run
- check, show output when this task is run
This task will trigger the vbscript and will then show the operator two dialog boxes, one for an e-mail and one for a username.
the next dialogue box will ask for an e-mail.
the task will run and after a minute you get
in the console you will see an incident which is closed with some default information
the e-mail with the new password is delivered to the e-mail address
You create a task, the task triggers the vbscript resetpassword.vbs. The vb script asks for a username and an e-mail address. The script will then generate a complex password (thanks to Martijn Haverhoek). The new password will be sent in an e-mail to the specified e-mail address.
You can download my scripts here.
To get this to work in your environment you need to customize the scripts a bit. You first need to download the Service Manager cmdlets from Codeplex and install them. In the resetpassword.vbs script you will need to change the domain LDAP path (around line 20), e-mail settings (around line 62), domain name (around line 82) and script paths (around line 90).