  1. #1


    Password reset through SMS

    Hello,

    I am working on a project in my workplace to try and cut down the amount of password resets we do. The theory is that a user sends a message to reset@domain.com and then it sends them a reset link back and then they can log in. To do this I have a script that will run on the server against the reset mailbox. The script now runs without any errors in the shell, just the system never knows the mobile number in question.

    Here is the script
    Code:
    #Add Quest Active Directory Management snapin
    Add-PSSnapin Quest.ActiveRoles.ADManagement
    #Configuration Block
    $SmtpServer = "smtp.domain.com"
    $ResetEmail = "reset@domain.com"
    $Username = "reset"
    $Password = "Password"
    $Domain = "Domain"
    $MailServer = "https://server.domain.com/ews/exchange.asmx"
    
    
    #Download for file is here: http://www.microsoft.com/en-us/download/details.aspx?id=35371 
    [Reflection.Assembly]::LoadFile("C:\Program Files\Microsoft\Exchange\Web Services\2.0\Microsoft.Exchange.WebServices.dll")
    
    
    function Create-RandomString()
    {
      $aChars = @()
      $aChars = "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "C", "B", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "2", "3", "4", "5", "6", "7", "8", "9", "_", ";"
      $intUpperLimit = Get-Random -minimum 8 -maximum 10
    
    
      $x = 0
      $strString = ""
      while ($x -lt $intUpperLimit)
      {
         # -maximum is exclusive, so use Count to keep the last character selectable
         $a = Get-Random -minimum 0 -maximum $aChars.Count
         $strString += $aChars[$a]
         $x += 1
      }
    
    
      return $strString
    }
    
    
    $email = New-Object Microsoft.Exchange.WebServices.Data.ExchangeService([Microsoft.Exchange.WebServices.Data.ExchangeVersion]::Exchange2010)
    $email.Credentials = New-Object Net.NetworkCredential($Username, $Password, $Domain)
    $uri=[system.URI] $MailServer
    $email.Url = $uri
    $inbox = [Microsoft.Exchange.WebServices.Data.Folder]::Bind($email,[Microsoft.Exchange.WebServices.Data.WellKnownFolderName]::Inbox)
    
    
    if ($inbox.UnreadCount -gt 0)
    {
    $PropertySet = new-object Microsoft.Exchange.WebServices.Data.PropertySet([Microsoft.Exchange.WebServices.Data.BasePropertySet]::FirstClassProperties)
    $PropertySet.RequestedBodyType = [Microsoft.Exchange.WebServices.Data.BodyType]::Text;
      # Set search criteria - unread only
    $SearchForUnRead = New-object Microsoft.Exchange.WebServices.Data.SearchFilter+IsEqualTo([Microsoft.Exchange.WebServices.Data.EmailMessageSchema]::IsRead, $false) 
     $items = $inbox.FindItems($SearchForUnRead,10)  #return only 10 unread mail items
    foreach ($item in $items.Items)
    {
       # load the property set to allow us to view the body
      $item.load($PropertySet)
      if($item.Body.text -Like "*")
      {
       $Phone = $item.From.address
       $Phone = $item.From.address.substring(0, $Phone.IndexOf("@"))
       $user = get-qaduser -MobilePhone $Phone
       If ($user -ne $null)
       {
        $PW = Create-RandomString
        if ($PW.length -gt 6)
        {
         Set-QADUser -identity $user.samaccountname -UserPassword (ConvertTo-SecureString -AsPlainText $PW -Force)
         Unlock-QADUser -identity $user.samaccountname
         $PasswordAge = (Get-QADUser $user |select-object PasswordLastSet)
         if ($PasswordAge.PasswordLastSet -ge (Get-Date).AddMinutes(-1)){
         $Body = "Password reset for " + $user.SamAccountName + "-" + $user.DistinguishedName
         send-mailmessage -to $ResetEmail -from $ResetEmail -subject "Password Reset" -body $Body  -SmtpServer $SmtpServer
         send-mailmessage -to $item.From.address -from $ResetEmail -subject " " -body "Your password is now $PW" -SmtpServer $SmtpServer
         }
        }
       }
       else
       {
        send-mailmessage -to $ResetEmail -from $ResetEmail -subject "Invalid Phone number" -body "Phone number $Phone not found" -SmtpServer $SmtpServer
        send-mailmessage -to $item.From.address -from $ResetEmail -subject " " -body "Your phone number was not found." -SmtpServer $SmtpServer
       }
      }
      $item.Isread = $true
      $item.Update([Microsoft.Exchange.WebServices.Data.ConflictResolutionMode]::AlwaysOverwrite) 
     }
    }
    If anybody has any advice on this then it would be much appreciated. I am convinced the number is in the wrong place, just I am unsure where line number 51 and 52 - $Phone = $item.From.address is pointing to.

    Regards,
    Adam

  2. #2

    Steve21
    Err, which bit isn't working?

    As in from how I read that, you're sending an email not SMS to the server.

    It's then comparing the email address, and looking up the mobile number from AD

    In regards to $Phone = $item.From.address it's just taking the from-address of (what to me seems more like an email, unless you have something that accepts SMS?) and uses that as the lookup variable.

    Steve

  3. #3

    Thanks for your reply.

    The latter part is not working. Users' smartphones are able to send an SMS to the email address and the carrier then converts it to email and it ends up in the Reset email box. This part is fine. The part that is not working is when we run the script against the unread emails in the Reset email box. We end up getting this result:
    Phone number +4471234567 not found, which suggests to me it is not looking in the right place for the user's mobile number. But where is the right place?

    Hope this is a bit more clear.

    Regards.

  4. #4

    Steve21
    It's looking it up from AD, so it's querying the user account, and looking in the mobilePhone number tag (Under telephone tab)

    Steve

  5. #5

    I thought as much, as that is where I have placed the number on our test account. However we are still getting the number not found issue. I have tried the number in +4472345678, 4472345678 and 071234567 formats to no avail.

    Do you have any suggestions as it seems I have implemented everything as it should be?

    I would really like to get this in place so any help would be great.
    Last edited by 2011ComputerMan; 21st October 2013 at 05:12 PM.
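
The lookup in this thread compares the gateway's sender string with whatever text was typed into AD, so the two only match when they happen to be formatted identically. The following is an added example, not part of the thread and not any poster's code: it normalises both sides to one canonical form, accepts only a strictly numeric sender, and resets nothing unless exactly one account matches. The function names, the sample accounts, the sender address and the UK country code are assumptions made for the illustration.

```powershell
# Added example, not from the thread. Assumes UK numbers (country code 44).
function ConvertTo-E164 {
    param([string]$Raw, [string]$CountryCode = '44')
    # Drop the "(0)" trunk-prefix hint, then spaces, dashes, dots and brackets.
    $n = ($Raw -replace '\(0\)', '') -replace '[\s\-\.\(\)]', ''
    if ($n -match '^\+\d{7,15}$')   { return $n }                  # +447700900123
    if ($n -match '^00(\d{7,15})$') { return '+' + $Matches[1] }   # 00447700900123
    if ($n -match ('^' + $CountryCode + '\d{7,12}$')) { return '+' + $n }        # 447700900123
    if ($n -match '^0(\d{7,12})$')  { return '+' + $CountryCode + $Matches[1] }  # 07700900123
    return $null                                                   # not a phone number
}

function Get-SenderNumber {
    param([string]$FromAddress)
    # Only "<digits>@<gateway>" is accepted; any other local part never reaches the lookup.
    if ($FromAddress -match '^(\+?\d{7,15})@') { return ConvertTo-E164 $Matches[1] }
    return $null
}

function Find-UserByMobile {
    param([string]$E164, [object[]]$Users)
    if (-not $E164) { return $null }
    # Compare canonical forms, so the way the number was typed into AD does not matter.
    $hits = @($Users | Where-Object { (ConvertTo-E164 $_.MobilePhone) -eq $E164 })
    if ($hits.Count -eq 1) { return $hits[0] }
    return $null    # no match, or several accounts share the number: refuse
}

# Constructed sample accounts. Against a live directory this list would come from
# something like: Get-QADUser -LdapFilter '(mobile=*)' -SizeLimit 0
# (assumption: the returned objects expose the number as .MobilePhone).
$users = @(
    (New-Object PSObject -Property @{ SamAccountName = 'test.user';  MobilePhone = '07700 900123' }),
    (New-Object PSObject -Property @{ SamAccountName = 'other.user'; MobilePhone = '+44 (0)7700 900456' })
)

$number = Get-SenderNumber '+447700900123@sms.example.net'   # constructed sender address
$match  = Find-UserByMobile $number $users
if ($match) { "Matched $($match.SamAccountName) for $number" } else { "No unique match for $number" }
```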


