locked
How can I use powershell to reset a Users Password and have the WAAD send them an email RRS feed

  • Question

  • I would like to perform functionality similar to the way the reset password functionality for WAAD users in the Azure portal, but I want to be able to do it from a powershell script.  I can create users just fine.  I am not setting their password so a temp is being auto-generated for them.  I would like for WAAD to send them an email telling them how to (re)set their password, just like the email you would receive if you reset a user pw via the portal.  I've look through the cmdlets but I can't find it.  What am I missing?

    Thanks,

    John

    Wednesday, May 1, 2013 9:01 PM

All replies

  • I'm not sure it's possible via PowerShell. It seems to me that the PowerShell interface was meant to allow you to do things outside the scope of the Portal, including sending your own password reset email.

    Developer Security MVP | www.syfuhs.net

    Wednesday, May 1, 2013 9:24 PM
  • That seems a bit short-sighted to me.  Sure, sending my own email is an option but since that functionality is already built into the portal, just like the ability to create / delete / modify users is built into the portal, it would make some sense to expose this functionality as well.  It would also mean that I would have to build my own landing page for them to reset their pw... 
    Thursday, May 2, 2013 3:48 AM
  • Well yes, but then why are you using PowerShell to reset the password then?

    To say its shortsighted is in itself a bit shortsighted. We're talking about an API to the provisioning service -- it's not an API to the portal. There's a very important distinction. The provisioning service does not send out emails, the portal sends out emails. If you want to send out emails on password reset then use the portal.


    Developer Security MVP | www.syfuhs.net

    Thursday, May 2, 2013 4:41 AM
  • Steve,

        The reason why I would like to use powershell in this case is to give our admin folks a single interface by which they can manage users and groups and the portal is evolving and doesn't contain everything we need.  So instead of having to remember when to use what admin functionality, the thought was providing it in one place to reduce the potential poor user experience that would result from having them use 2+ different services to do their job.  Having said that, resetting passwords isn't the only place this impedance mismatch occurs.  When you create a user, unless you are providing pw's that they already know, they also need to be able to reset their own pw's.  Having the ability to create a user and send out the email from a single interface seems like a desirable workflow.  I would like to leverage the work the folks in WAAD have done to perform this.  And to be clear, I wasn't saying you were short-sided.  Sorry if it came across like that.  I was referring to the functionality provided in the graph / wif / power shell api's.  This is functionality that someone is going to have to provide and if it is already created leveraging that seems desirable.

    Thursday, May 2, 2013 2:15 PM
  • Thanks for the feedback.

    We'll take a look at the request and see if it makes sense to add this as part of the Azure AD PowerShell to create a new user or reset a user's password.  In the meantime is it possible for you to create a script that creates the user using AAD PowerShell and then mail the user using a different PowerShell module?

    HTH


    Dan Kershaw [msft]


    Saturday, May 4, 2013 6:01 PM