This is a simple script that takes a list of published credentials from REN-ISAC and checks whether each credential is still valid. If a credential is valid, the account's password is automatically reset. Always comment out the verbs (the commands that make changes) and do a dry run before use.

####### Variables #####

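# Path to the REN-ISAC export. The processing loop expects one "user@domain:password"
# entry per line. The file holds cleartext passwords, so keep it in an
# access-restricted location and remove it once the run is finished.
$ListFromRenIsac = "C:\scripts\compro.txt"

# Accounts that must never be reset automatically.
# SamAccountName is collected instead of Name: the loop compares this list against the
# logon name taken from the leaked entry (the text before "@"), and an account's Name (CN)
# can differ from its logon name, which would let a Domain Admin slip past the exclusion.
# -Recursive also picks up admins who are members through a nested group.
$NotMe = (Get-ADGroupMember -Identity "Domain Admins" -Recursive).SamAccountName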

#######################

# Credential Test function via https://gallery.technet.microsoft.com/scriptcenter/Test-Credential-dda902c6

#######################

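Function Test-Credential {
    <#
    .SYNOPSIS
    Checks whether a credential is accepted by an Active Directory domain.

    .DESCRIPTION
    Builds a domain PrincipalContext and calls ValidateCredentials with the user name and
    password held in the credential. Emits one Boolean per credential.
    NOTE(review): a $false result only means the validation failed; it may not distinguish
    a wrong password from a disabled or locked account -- confirm before treating $false
    as "password is not in use".

    .PARAMETER Credential
    The PSCredential to validate. Accepted from the pipeline.

    .PARAMETER Domain
    Domain to validate against. When omitted, the domain part of the credential is used.

    .OUTPUTS
    System.Boolean
    #>
    [OutputType([Bool])]
    Param (
        [Parameter(
            Mandatory = $true,
            ValueFromPipeLine = $true,
            ValueFromPipelineByPropertyName = $true
        )]
        [Alias(
            'PSCredential'
        )]
        [ValidateNotNull()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential,

        # No default expression here: a default that reads $Credential is evaluated before
        # pipeline input is bound, so it fails on a null $Credential for piped credentials.
        # The fallback to the credential's own domain is applied in Process instead.
        [Parameter()]
        [String]
        $Domain
    )

    Begin {
        # Add-Type replaces the deprecated Assembly.LoadWithPartialName call.
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement

        $domainWasSupplied = $PSBoundParameters.ContainsKey('Domain')
    }

    Process {
        foreach ($item in $Credential) {
            # Use the loop item (the original read $Credential again and ignored $item).
            $networkCredential = $item.GetNetworkCredential()

            $targetDomain = if ($domainWasSupplied) { $Domain } else { [String]$networkCredential.Domain }

            # One context per credential so each is checked against its own domain;
            # try/finally guarantees disposal even if validation throws.
            $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
                [System.DirectoryServices.AccountManagement.ContextType]::Domain, $targetDomain
            )

            try {
                $isValid = $principalContext.ValidateCredentials(
                    $networkCredential.UserName, $networkCredential.Password
                )

                Write-Output -InputObject $isValid
            }
            finally {
                $principalContext.Dispose()
            }
        }
    }
}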

### End Function ###

####################

 

#REN-ISAC copy paste

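# Read the REN-ISAC list; each usable line is expected to look like "user@domain:password".
$names = Get-Content -Path $ListFromRenIsac

# Alphabet for the replacement password. '!' and '?' are repeated in the original set
# (presumably so that a symbol is likely to appear -- confirm against the domain's
# complexity policy); that weighting is kept unchanged.
$set = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJLKMNOPQRSTUVWXYZ!????!!!??!!!??!!!!".ToCharArray()
$newPasswordLength = 20

# Cryptographic RNG for the replacement password instead of Get-Random.
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$randomByte = New-Object byte[] 1
# Bytes at or above this value are discarded so that "% $set.Length" has no modulo bias.
$rejectFrom = 256 - (256 % $set.Length)

$lineNumber = 0

try {
    foreach ($N in $names) {
        $lineNumber++
        $test = $false
        $pass = ''
        $UN = ''
        $ID = ''

        if ([string]::IsNullOrWhiteSpace($N)) { continue }

        # Split on the FIRST ':' only, so a password that itself contains ':' is not truncated.
        $parts = $N -split ':', 2
        if ($parts.Count -lt 2 -or -not $parts[0] -or -not $parts[1]) {
            # Report the line number only; the line itself may contain a password.
            Write-Warning "Skipping malformed entry on line $lineNumber (expected user:password)."
            continue
        }

        $UN = $parts[0]
        $pass = $parts[1]

        # Logon name = user name without any "@domain" suffix. Derived from $UN rather than
        # from the whole line, so an entry without "@" does not drag the password into $ID.
        $ID = ($UN -split '@', 2)[0]

        $spass = ConvertTo-SecureString $pass -AsPlainText -Force
        $creds = New-Object System.Management.Automation.PSCredential ($UN, $spass)

        # Pace the checks.
        # NOTE(review): each failed validation is likely counted as a bad-password attempt
        # on the account; check lockout thresholds before running a long list.
        Start-Sleep -Seconds 1

        # If credential tests true, reset password
        $test = Test-Credential -Credential $creds

        if ($test -ne $true) { continue }

        # Only reported for credentials that actually validated, and only the user name is
        # printed -- the original printed the full "user:password" line for every entry.
        Write-Host "$UN - account is live!"

        if ($ID -in $NotMe) {
            Write-Warning "$UN is on the exclusion list and was NOT reset; handle this account manually."
            continue
        }

        # Build the new password directly in a SecureString so it never exists as a
        # plain string in the session.
        $newSecret = New-Object System.Security.SecureString
        try {
            while ($newSecret.Length -lt $newPasswordLength) {
                $rng.GetBytes($randomByte)
                if ($randomByte[0] -lt $rejectFrom) {
                    $newSecret.AppendChar($set[$randomByte[0] % $set.Length])
                }
            }

            # -ErrorAction Stop so a failed reset lands in catch instead of being
            # followed by a false "Password reset" message.
            Set-ADAccountPassword -Identity $ID -Reset -NewPassword $newSecret -ErrorAction Stop

            Write-Host "Password reset on $UN!"
        }
        catch {
            Write-Warning "Password reset FAILED on ${UN}: $($_.Exception.Message)"
        }
        finally {
            $newSecret.Dispose()
        }
    }
}
finally {
    $rng.Dispose()
}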