- Parse a list of server names
- Verify the server is online
- Only try to change the password if it is online
- Tell me if it succeeded, failed, or skipped a down system

Fortunately, all of this is available in PowerShell with little real effort. Below is a quick script to do all of the above. Before running it, be sure that:

- The account you're running it under has administrative rights to each system. If you're spanning domains without trusts, you should use the "Stored Usernames and Passwords" control panel to add your credentials for each domain (specify the resource as *.domain.name, and use FQDNs in step 2).
- You create a list of servers, one per line, called "serverlist.txt" in the same folder from which you run the script (you can change the filename and path by editing the script below).
- You change the placeholders below to have the proper local admin username and new password (we have a GPO to rename the administrator account, so I don't assume "Administrator").

The script:
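```powershell
# Suppress error output; failures are reported by the checks below
$ErrorActionPreference = "SilentlyContinue"
foreach ($Computer in Get-Content serverlist.txt) {
    $ServerName = $Computer.ToUpper()
    # Reset per server so a failed ping cannot reuse the previous server's reply
    $Reply = $null
    $ping = New-Object System.Net.NetworkInformation.Ping
    $Reply = $ping.Send($Computer)
    if ($Reply.Status -eq "Success") {
        Write-Host "$ServerName is online"
        # WinNT path is "WinNT://computer/account,user" (no space after the comma)
        $Admin = [adsi]("WinNT://" + $Computer + "/--ADMINUSERNAMEHERE--,user")
        $Admin.PSBase.Invoke("SetPassword", "--NEWPASSWORDHERE--")
        # Verify password was just changed: PasswordAge is seconds since the last change
        $Admin.PSBase.RefreshCache()
        $PasswordAge = $Admin.PasswordAge.Value
        if ($PasswordAge -ne $null -and $PasswordAge -lt 120) {
            Write-Host "$ServerName password change SUCCEEDED"
        } else {
            Write-Host "$ServerName password change FAILED"
        }
    } else {
        Write-Host "$ServerName is not online - skipping"
    }
}
```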
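
The script above keeps the new password in plaintext inside the script file. As an added example (not the original author's code), this variant prompts for the password as a SecureString and records a per-server result in a CSV; `LocalAdminName`, `results.csv` and the 120-second freshness threshold are assumptions.

```powershell
# Added example. Assumed names: 'LocalAdminName' placeholder, results.csv output file.
$AdminName = 'LocalAdminName'   # placeholder: your (renamed) local admin account
$Secure    = Read-Host -Prompt "New password for $AdminName" -AsSecureString
# ADSI SetPassword needs a plain string; convert in memory only, never store it on disk
$Plain     = (New-Object System.Net.NetworkCredential('', $Secure)).Password

$Results = foreach ($Computer in Get-Content -Path .\serverlist.txt) {
    $Computer = $Computer.Trim()
    if (-not $Computer) { continue }   # ignore blank lines in the list

    $Status = 'Skipped'; $Detail = 'not online'
    if (Test-Connection -ComputerName $Computer -Count 1 -Quiet) {
        try {
            $Admin = [adsi]"WinNT://$Computer/$AdminName,user"
            $Admin.PSBase.Invoke('SetPassword', $Plain)
            $Admin.PSBase.RefreshCache()
            # PasswordAge is seconds since the last change; a fresh change is near zero
            $Age = $Admin.PasswordAge.Value
            if ($null -ne $Age -and $Age -lt 120) {
                $Status = 'Succeeded'; $Detail = "password age ${Age}s"
            } else {
                $Status = 'Failed'; $Detail = 'password age not updated'
            }
        } catch {
            # Access denied, unknown account, policy rejection and similar errors land here
            $Status = 'Failed'; $Detail = $_.Exception.Message
        }
    }
    New-Object PSObject -Property @{
        Server = $Computer.ToUpper(); Status = $Status; Detail = $Detail
    }
}
$Plain = $null   # drop the plaintext reference once the loop is done

$Results | Select-Object Server, Status, Detail |
    Export-Csv -Path .\results.csv -NoTypeInformation
$Results | Group-Object Status | Select-Object Name, Count
```

The CSV gives a record of which systems still carry the old password, so skipped and failed hosts can be retried from a filtered list.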