PowerShell Script to Reset User's Password in G Suite (Google Apps)
The PowerShell script provided here resets a user's password in G Suite. ADSelfService Plus, an Active Directory (AD) self-service password management, and single sign-on solution, offers the Password Reset feature that allows users to reset their AD passwords. It also offers the Password Synchronization feature that syncs users’ passwords and any changes to it with their user accounts in applications like G Suite. When both these features are configured, users can use the same password to log into G Suite and their AD domain, and can reset this password without help desk intervention. Here is a comparison between resetting user's G Suite passwords using PowerShell and ADSelfService Plus.
PowerShell
$scriptBlock = {
Import-Module gShell
$userID = "%mail%" # TODO: modify me
$newPassword = "Password" # TODO: modify me
Set-GAUser -UserKey $userID -NewPassword $newPassword
}
try
{
Invoke-Command -ComputerName localhost -ScriptBlock $scriptBlock -ErrorAction Stop
}
catch
{
$Context.LogMessage("An error occurred when reseting password for user. Error: " + $_.Exception.Message, "Warning")
}
ADSelfService Plus
Feature configuration is as simple as:
- Creating an ADSelfService Plus policy,
- Specifying the users for the policy.
- Selecting Password Reset and other self-service actions for respective users.
Configuration involves:
- Selecting the application for which passwords are to be synced.
- Selecting the right ADSelfService Plus policy whose users' passwords are to be synced.
Screenshots:
- Self-service password reset (SSPR):
With ADSelfService Plus, users can reset their passwords from:
- The logon screens of their Windows, Linux, or macOS machines.
- Web browsers by accessing the ADSelfService Plus portal, which can be configured to be accessed through all major web browsers.
- Their mobile devices by accessing the ADSelfService Plus iOS or Android mobile app or mobile site.
- Their private networks, even remotely. Furthermore resetting their passwords, ADSelfService Plus also lets users update their cached credentials.
- Choose who can reset their G Suite passwords:
While creating the ADSelfService Plus policy, administrators can choose to allow only users belonging to specific domains, OUs and groups to reset G Suite passwords.
- Secure password resets:
ADSelfService Plus offers the Multi-factor Authentication that secures self-service actions like password resets performed by the user. When this feature is configured, users have to complete multiple levels of authentication using any of the 15 methods enabled by the administrator before proceeding to reset their password or perform any other self-service action. Also, administrators can specify the maximum number of password resets that can be performed by users in a specific number of days.
- Synchronize password changes made through multiple mediums:
ADSelfService Plus allows password resets made from the ADSelfService portal and mobile app, and the Windows, macOS and Linux login screens to be synchronized with the applications. Password changes in the Ctrl+Alt+Del console and password resets in the Active Directory Users and Computers portal could be synchronized as well.
- Synchronize G Suite password with multiple applications:
Using ADSelfService Plus, users' passwords can be synchronized between G Suite, AD and other on-premises and cloud applications like Office 365 and Salesforce.
- Prevent creation of weak passwords:
ADSelfService Plus' Password Policy Enforcer allows administrators to create and enforce custom password policies that inhibit the creation of weak passwords that are vulnerable to hacks.
Empower users to reset their G Suite passwords.
Get 30-day free trial.
