This script resets a user's password in Google Apps. The first script performs the task using Google API and the second script resets the password using a set of PowerShell cmdlets called gShell.
To run the script as a part of a business rule, scheduled task, or custom command, you need to use the Run a program or PowerShell script action.
Google API Script
Note: Before using Google Provisioning API, you need to perform the following steps:
- Download Google Data API and install it on the computer where Adaxes service that runs the script is installed.
- Enable Google Provisioning API in your Google application.
Parameters:
- $userName - Specifies a template for usernames of your AD users in Google Apps. You can use value references (e.g. %username%) in the template.
- $userPassword - Specifies a template for the new password. You can use value references (e.g. %fullname%) in the template.
- $domainName - Specifies the name of the domain registered in your Google application.
- $adminEmail and $adminPassword - specify the credentials of a user who has administrative privileges in your Google Application.
PowerShell
# Load Google Data API DLL
[Reflection.Assembly]::LoadFrom("C:\Program Files\Google\Google Data API SDK\Redist\Google.GData.Apps.dll") # TODO: modify me
$userName = "%sAMAccountName%" # TODO: modify me
$userPassword = "%firstname%%lastname%" # TODO: modify me
$domainName = "domain.com" # TODO: modify me
$adminEmail = "administrator@domain.com" # TODO: modify me
$adminPassword = "password" # TODO: modify me
# Connect to Google Apps
$service = New-Object "Google.GData.Apps.AppsService" ($domainName, $adminEmail, $adminPassword)
# Get user in Google Apps
try
{
$userEntry = $service.RetrieveUser($userName)
}
catch
{
$Context.LogMessage("User not found in Google Apps", "Error") # TODO: modify me
return
}
# Set a new password
$login = $userEntry.Login
$login.Password = $userPassword
$userEntry.Login = $login
# Update the password in Google Apps
try
{
$service.UpdateUser($userEntry)
}
catch
{
$baseException = $_.Exception.GetBaseException()
if ($baseException -ne $NULL -and $baseException.Response -ne $NULL)
{
if ($baseException.Response.StatusCode -eq "BadRequest")
{
$Context.LogMessage("The password does not meet the password policy", "Error") # TODO: modify me
return
}
}
$Context.LogMessage($_.Exception.GetBaseException().Message, "Error")
}
gShell Script
Note: Before using the script, you need to perform the steps listed in gShell's Getting Started document. All the steps must be performed using the credentials of the Adaxes service account (specified during Adaxes installation).
Parameters:
- $userID - Specifies a value reference for the identifier of the user for which to reset. You can use email address (%mail%) or username (%username%).
PowerShell
$scriptBlock = {
Import-Module gShell
$userID = "%mail%" # TODO: modify me
$newPassword = "Password" # TODO: modify me
Set-GAUser -UserKey $userID -NewPassword $newPassword
}
try
{
Invoke-Command -ComputerName localhost -ScriptBlock $scriptBlock -ErrorAction Stop
}
catch
{
$Context.LogMessage("An error occurred when reseting password for user. Error: " + $_.Exception.Message, "Warning")
}