Added Set-DomainUserPassword to reset a particular user's password.

Reformatted documentation.

Author: HarmJ0y

README.md

@@ -132,7 +132,7 @@ Displays Windows vault credential objects including cleartext web credentials.
 
 Generates a full-memory minidump of a process.
 
-#### 'Get-MicrophoneAudio'
+#### `Get-MicrophoneAudio`
 
 Records audio from system microphone and saves to disk
 

Recon/PowerView.ps1

@@ -4894,6 +4894,119 @@ http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-
 }
 
 
+function Set-DomainUserPassword {
+<#
+.SYNOPSIS
+
+Sets the password for a given user identity and returns the user object.
+
+Author: Will Schroeder (@harmj0y)  
+License: BSD 3-Clause  
+Required Dependencies: Get-PrincipalContext  
+
+.DESCRIPTION
+
+First binds to the specified domain context using Get-PrincipalContext.
+The bound domain context is then used to search for the specified user -Identity,
+which returns a DirectoryServices.AccountManagement.UserPrincipal object. The
+SetPassword() function is then invoked on the user, setting the password to -AccountPassword.
+
+.PARAMETER Identity
+
+A user SamAccountName (e.g. User1), DistinguishedName (e.g. CN=user1,CN=Users,DC=testlab,DC=local),
+SID (e.g. S-1-5-21-890171859-3433809279-3366196753-1113), or GUID (e.g. 4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+specifying the user to reset the password for.
+
+.PARAMETER AccountPassword
+
+Specifies the password to reset the target user's to. Mandatory.
+
+.PARAMETER Domain
+
+Specifies the domain to use to search for the user identity, defaults to the current domain.
+
+.PARAMETER Credential
+
+A [Management.Automation.PSCredential] object of alternate credentials
+for connection to the target domain.
+
+.EXAMPLE
+
+$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+Set-DomainUserPassword -Identity andy -AccountPassword $UserPassword
+
+Resets the password for 'andy' to the password specified.
+
+.EXAMPLE
+
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+Set-DomainUserPassword -Identity andy -AccountPassword $UserPassword -Credential $Cred
+
+Resets the password for 'andy' usering the alternate credentials specified.
+
+.OUTPUTS
+
+DirectoryServices.AccountManagement.UserPrincipal
+
+.LINK
+
+http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-accountmanagement/
+#>
+
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSShouldProcess', '')]
+    [OutputType('DirectoryServices.AccountManagement.UserPrincipal')]
+    Param(
+        [Parameter(Position = 0, Mandatory = $True)]
+        [Alias('UserName', 'UserIdentity', 'User')]
+        [String]
+        $Identity,
+
+        [Parameter(Mandatory = $True)]
+        [ValidateNotNullOrEmpty()]
+        [Alias('Password')]
+        [Security.SecureString]
+        $AccountPassword,
+
+        [ValidateNotNullOrEmpty()]
+        [String]
+        $Domain,
+
+        [Management.Automation.PSCredential]
+        [Management.Automation.CredentialAttribute()]
+        $Credential = [Management.Automation.PSCredential]::Empty
+    )
+
+    $ContextArguments = @{ 'Identity' = $Identity }
+    if ($PSBoundParameters['Domain']) { $ContextArguments['Domain'] = $Domain }
+    if ($PSBoundParameters['Credential']) { $ContextArguments['Credential'] = $Credential }
+    $Context = Get-PrincipalContext @ContextArguments
+
+    if ($Context) {
+        $User = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($Context.Context, $Identity)
+
+        if ($User) {
+            Write-Verbose "[Set-DomainUserPassword] Attempting to set the password for user '$Identity'"
+            try {
+                $TempCred = New-Object System.Management.Automation.PSCredential('a', $AccountPassword)
+                $User.SetPassword($TempCred.GetNetworkCredential().Password)
+
+                $Null = $User.Save()
+                Write-Verbose "[Set-DomainUserPassword] Password for user '$Identity' successfully reset"
+                $User
+            }
+            catch {
+                Write-Warning "[Set-DomainUserPassword] Error setting password for user '$Identity' : $_"
+            }
+        }
+        else {
+            Write-Warning "[Set-DomainUserPassword] Unable to find user '$Identity'"
+        }
+    }
+}
+
+
 function Get-DomainUserEvent {
 <#
 .SYNOPSIS

Recon/README.md

@@ -58,6 +58,7 @@ an array of hosts from the pipeline.
     Find-DomainObjectPropertyOutlier-   inds user/group/computer objects in AD that have 'outlier' properties set
     Get-DomainUser                  -   return all users or specific user objects in AD
     New-DomainUser                  -   creates a new domain user (assuming appropriate permissions) and returns the user object
+    Set-DomainUserPassword          -   sets the password for a given user identity and returns the user object
     Get-DomainUserEvent             -   enumerates account logon events (ID 4624) and Logon with explicit credential events
     Get-DomainComputer              -   returns all computers or specific computer objects in AD
     Get-DomainObject                -   returns all (or specified) domain objects in AD

Recon/Recon.psd1

@@ -46,6 +46,7 @@ FunctionsToExport = @(
     'Find-DomainObjectPropertyOutlier',
     'Get-DomainUser',
     'New-DomainUser',
+    'Set-DomainUserPassword',
     'Get-DomainUserEvent',
     'Get-DomainComputer',
     'Get-DomainObject',

docs/Recon/Set-DomainUserPassword.md

@@ -0,0 +1,127 @@
+# Set-DomainUserPassword
+
+## SYNOPSIS
+Sets the password for a given user identity and returns the user object.
+
+Author: Will Schroeder (@harmj0y)  
+License: BSD 3-Clause  
+Required Dependencies: Get-PrincipalContext
+
+## SYNTAX
+
+```
+Set-DomainUserPassword [-Identity] <String> -AccountPassword <SecureString> [-Domain <String>]
+ [-Credential <PSCredential>]
+```
+
+## DESCRIPTION
+First binds to the specified domain context using Get-PrincipalContext.
+The bound domain context is then used to search for the specified user -Identity,
+which returns a DirectoryServices.AccountManagement.UserPrincipal object.
+The
+SetPassword() function is then invoked on the user, setting the password to -AccountPassword.
+
+## EXAMPLES
+
+### -------------------------- EXAMPLE 1 --------------------------
+```
+$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+```
+
+Set-DomainUserPassword -Identity andy -AccountPassword $UserPassword
+
+Resets the password for 'andy' to the password specified.
+
+### -------------------------- EXAMPLE 2 --------------------------
+```
+$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+```
+
+$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
+$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
+Set-DomainUserPassword -Identity andy -AccountPassword $UserPassword -Credential $Cred
+
+Resets the password for 'andy' usering the alternate credentials specified.
+
+## PARAMETERS
+
+### -Identity
+A user SamAccountName (e.g.
+User1), DistinguishedName (e.g.
+CN=user1,CN=Users,DC=testlab,DC=local),
+SID (e.g.
+S-1-5-21-890171859-3433809279-3366196753-1113), or GUID (e.g.
+4c435dd7-dc58-4b14-9a5e-1fdb0e80d201)
+specifying the user to reset the password for.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases: UserName, UserIdentity, User
+
+Required: True
+Position: 1
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -AccountPassword
+Specifies the password to reset the target user's to.
+Mandatory.
+
+```yaml
+Type: SecureString
+Parameter Sets: (All)
+Aliases: Password
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Domain
+Specifies the domain to use to search for the user identity, defaults to the current domain.
+
+```yaml
+Type: String
+Parameter Sets: (All)
+Aliases: 
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Credential
+A \[Management.Automation.PSCredential\] object of alternate credentials
+for connection to the target domain.
+
+```yaml
+Type: PSCredential
+Parameter Sets: (All)
+Aliases: 
+
+Required: False
+Position: Named
+Default value: [Management.Automation.PSCredential]::Empty
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+## INPUTS
+
+## OUTPUTS
+
+### DirectoryServices.AccountManagement.UserPrincipal
+
+## NOTES
+
+## RELATED LINKS
+
+[http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-accountmanagement/](http://richardspowershellblog.wordpress.com/2008/05/25/system-directoryservices-accountmanagement/)
+

docs/Recon/index.md

@@ -1,17 +1,3 @@
-To install this module, drop the entire Recon folder into one of your module directories. The default PowerShell module paths are listed in the $Env:PSModulePath environment variable.
-
-The default per-user module path is: "$Env:HomeDrive$Env:HOMEPATH\Documents\WindowsPowerShell\Modules"
-The default computer-level module path is: "$Env:windir\System32\WindowsPowerShell\v1.0\Modules"
-
-To use the module, type `Import-Module Recon`
-
-To see the commands imported, type `Get-Command -Module Recon`
-
-For help on each individual command, Get-Help is your friend.
-
-Note: The tools contained within this module were all designed such that they can be run individually. Including them in a module simply lends itself to increased portability.
-
-
 ## PowerView
 
 PowerView is a PowerShell tool to gain network situational awareness on