claudetools/Reset-DataforthAD-Password.ps1

# Reset password for notifications@dataforth.com in on-premises AD
# For hybrid environments with Azure AD Connect password sync

param(
    [string]$DomainController = "192.168.0.27",  # AD1 (primary DC)
    [string]$NewPassword = "%5cfI:G71)}=g4ZS"
)

Write-Host "[OK] Resetting password in on-premises Active Directory..." -ForegroundColor Green
Write-Host "    Domain Controller: $DomainController (AD1)" -ForegroundColor Cyan
Write-Host ""

# Credentials for remote connection
$AdminUser = "INTRANET\sysadmin"
$AdminPassword = ConvertTo-SecureString "Paper123!@#" -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential($AdminUser, $AdminPassword)

Write-Host "[OK] Connecting to $DomainController via PowerShell remoting..." -ForegroundColor Green

try {
    # Execute on remote DC
    Invoke-Command -ComputerName $DomainController -Credential $Credential -ScriptBlock {
        param($NewPass, $UserName)

        Import-Module ActiveDirectory

        # Find the user account
        Write-Host "[OK] Searching for user in Active Directory..."
        $User = Get-ADUser -Filter "UserPrincipalName -eq '$UserName'" -Properties PasswordNeverExpires, PasswordLastSet

        if (-not $User) {
            Write-Host "[ERROR] User not found in Active Directory!" -ForegroundColor Red
            return
        }

        Write-Host "[OK] Found user: $($User.Name) ($($User.UserPrincipalName))"
        Write-Host "    Current PasswordNeverExpires: $($User.PasswordNeverExpires)"
        Write-Host "    Last Password Set: $($User.PasswordLastSet)"
        Write-Host ""

        # Reset password
        Write-Host "[OK] Resetting password..." -ForegroundColor Green
        $SecurePassword = ConvertTo-SecureString $NewPass -AsPlainText -Force
        Set-ADAccountPassword -Identity $User.SamAccountName -NewPassword $SecurePassword -Reset

        Write-Host "[SUCCESS] Password reset successfully!" -ForegroundColor Green

        # Set password to never expire
        Write-Host "[OK] Setting password to never expire..." -ForegroundColor Green
        Set-ADUser -Identity $User.SamAccountName -PasswordNeverExpires $true -ChangePasswordAtLogon $false

        Write-Host "[SUCCESS] Password set to never expire!" -ForegroundColor Green

        # Verify
        $UpdatedUser = Get-ADUser -Identity $User.SamAccountName -Properties PasswordNeverExpires, PasswordLastSet
        Write-Host ""
        Write-Host "[OK] Verification:"
        Write-Host "    PasswordNeverExpires: $($UpdatedUser.PasswordNeverExpires)"
        Write-Host "    PasswordLastSet: $($UpdatedUser.PasswordLastSet)"

        # Force Azure AD Connect sync (if available)
        Write-Host ""
        Write-Host "[OK] Checking for Azure AD Connect..." -ForegroundColor Green
        if (Get-Command Start-ADSyncSyncCycle -ErrorAction SilentlyContinue) {
            Write-Host "[OK] Triggering Azure AD Connect sync..." -ForegroundColor Green
            Start-ADSyncSyncCycle -PolicyType Delta
            Write-Host "[OK] Sync triggered - password will sync to Azure AD in ~3 minutes" -ForegroundColor Green
        } else {
            Write-Host "[WARNING] Azure AD Connect not found on this server" -ForegroundColor Yellow
            Write-Host "          Password will sync automatically within 30 minutes" -ForegroundColor Yellow
            Write-Host "          Or manually trigger sync on AAD Connect server" -ForegroundColor Yellow
        }

    } -ArgumentList $NewPassword, "notifications@dataforth.com"

    Write-Host ""
    Write-Host "================================================================"
    Write-Host "PASSWORD RESET COMPLETE"
    Write-Host "================================================================"
    Write-Host "New Password: $NewPassword" -ForegroundColor Yellow
    Write-Host ""
    Write-Host "[OK] Password policy: NEVER EXPIRES (set in AD)" -ForegroundColor Green
    Write-Host "[OK] Azure AD Connect will sync this change automatically" -ForegroundColor Green
    Write-Host ""
    Write-Host "================================================================"
    Write-Host "NEXT STEPS"
    Write-Host "================================================================"
    Write-Host "1. Wait 3-5 minutes for Azure AD Connect to sync" -ForegroundColor Cyan
    Write-Host ""
    Write-Host "2. Update website SMTP configuration:" -ForegroundColor Cyan
    Write-Host "   - Username: notifications@dataforth.com"
    Write-Host "   - Password: $NewPassword" -ForegroundColor Yellow
    Write-Host ""
    Write-Host "3. Test SMTP authentication:" -ForegroundColor Cyan
    Write-Host "   D:\ClaudeTools\Test-DataforthSMTP.ps1"
    Write-Host ""
    Write-Host "4. Verify authentication succeeds:" -ForegroundColor Cyan
    Write-Host "   D:\ClaudeTools\Get-DataforthEmailLogs.ps1"
    Write-Host ""

    # Save credentials
    $CredPath = "D:\ClaudeTools\dataforth-notifications-FINAL-PASSWORD.txt"
    @"
Dataforth Notifications Account - PASSWORD RESET (HYBRID AD)
Reset Date: $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")

Username: notifications@dataforth.com
Password: $NewPassword

Password Policy:
- Set in: On-Premises Active Directory (INTRANET domain)
- Never Expires: YES
- Synced to Azure AD: Via Azure AD Connect

SMTP Configuration for Website:
- Server: smtp.office365.com
- Port: 587
- TLS: Yes
- Username: notifications@dataforth.com
- Password: $NewPassword

Note: Allow 3-5 minutes for password to sync to Azure AD before testing.

DO NOT COMMIT TO GIT OR SHARE PUBLICLY
"@ | Out-File -FilePath $CredPath -Encoding UTF8

    Write-Host "[OK] Credentials saved to: $CredPath" -ForegroundColor Green

} catch {
    Write-Host "[ERROR] Failed to reset password: $($_.Exception.Message)" -ForegroundColor Red
    Write-Host ""
    Write-Host "Troubleshooting:" -ForegroundColor Yellow
    Write-Host "- Ensure you're on the Dataforth VPN or network" -ForegroundColor Yellow
    Write-Host "- Verify AD1 (192.168.0.27) is accessible" -ForegroundColor Yellow
    Write-Host "- Check WinRM is enabled on AD1" -ForegroundColor Yellow
    Write-Host ""
    Write-Host "Alternative: RDP to AD1 and run locally:" -ForegroundColor Cyan
    Write-Host "  Set-ADAccountPassword -Identity notifications -Reset -NewPassword (ConvertTo-SecureString '$NewPassword' -AsPlainText -Force)" -ForegroundColor Gray
    Write-Host "  Set-ADUser -Identity notifications -PasswordNeverExpires `$true -ChangePasswordAtLogon `$false" -ForegroundColor Gray
}