Change users Passwords centrally and send the new password through email

As an Office 365 admin sometimes you may have some unique requirements and at those times you may find that it's only PowerShell that you can turn to for help.
This script is a solution to one such scenario.

The script will take in a CSV with a list of Users and (predefined) passwords and set those passwords on AzureAD as a bulk and at the same time it'll generate an email containing the users new credentials and send it to the users personal email address.


Note: You can use a random password generator such as this site https://www.random.org/passwords/ to generate a list of passwords according to your requirements.

#############################################################################
#       Author: Sidath U Liyanage
#       Date: 14/01/2019
#       Satus: Bulk change user password
#       Update: Initial functionality.
#       Description: Bulk change password for a given list of users.
#       Note!: Update the "PasswordChangeList.csv" before running the script.
#############################################################################
###########################Define Variables##################################

$FilePath = "C:\Users\sidath\OneDrive\Documents\Scripts--" #<< Path for the CSV file
$adminAcc = 'admin@Contoso.com' #<< Admin account credentials

$FromAddress = 'Sidath@Contoso.com' #<< Mail from address
$MailSubject = "Login to your new office 365 account [Do not reply]"
$MailSignature = "Contoso O365 admin"
$SmtpPServer = 'smtp.office365.com'
$SmtpPort = '587'

#############################################################################
Write-Warning "Have you updated the variables and PasswordChangeList.csv file? (if not close this window and do it first)"
pause

#Install AzureAD module if it's not available
If ((Get-Module AzureADPreview) -eq $null) {
    Write-Warning "Installing module AzureAD.. [Note: To install this module you must run this script with admin priviledges]"
    Install-Module AzureADPreview
    }

Connect to O365 tenant
$cred = Get-Credential -credential $adminAcc
$o365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Connect-AzureAD -Credential $cred
Import-PSSession $o365Session

$ImprtLst = Import-Csv "$FilePath\PasswordChangeList.csv"

If ($adminAcc -ne $FromAddress) {
    $credMail = Get-Credential -credential $FromAddress
    }
Else {$credMail = $cred}


$ImprtLst | ForEach-Object {
    $Error.Clear()
    $CUPN = $_.UserPrincipalName
    $CPW = $_.Password
    $CDN = $_.DisplayName
    $CMail = $_.SendToMail
    $CPWS = ConvertTo-SecureString -String $CPW -AsPlainText -Force
    Write-Host "reseting the password of: $CUPN" -ForegroundColor Magenta -BackgroundColor Black
    $CObjID = (Get-AzureADUser -Filter "UserPrincipalName eq '$CUPN'").objectID
    Set-AzureADUserPassword -ObjectId $CObjID -Password $CPWS -EnforceChangePasswordPolicy:$false
    #Error logging
    If ($Error -ne $null) {
        $Error | Out-File $FilePath\ErrorLog.txt
        }

    #Generate message body
    $MsgBody = "Hi $CDN"
    $MsgBody += ",</br> </br> <p> Following are your new Office 365 Credentials. </p>"
    $MsgBody += "</br> <table border=0> <tr> <th> User Name </th> <th> Password </th> <tr>"
    $MsgBody += "<tr> <td> $CUPN </td> <td> $CPW </td> </tr> </table>"
    $MsgBody += "</br> </br> <p>Sincerely,</br> $MailSignature </p>"

    Write-Host "Sending the password to: $CMail"
    Send-MailMessage -From $FromAddress -To $CMail -Subject $MailSubject -Body $MsgBody -Priority High -SmtpServer $SmtpPServer -Credential $credMail -UseSsl -BodyAsHtml

    }