I know this is bread-and-butter AIX admin stuff, but recorded here for quick reference.
Assuming the server you run this from has password-less ssh access to the remote target server, here is a quick script that resets an AIX user account and changes its password to something random.
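The password that gets set is logged, in this case to /home/troyski/reset-user.sh.log, so you can advise the user; since that log holds the passwords in plaintext, keep the file readable only by the admin account.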
It also checks the target user is not authenticated via AD first.
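# Quick script to reset a user account on a remote AIX node.
#
# Usage    : reset-user.sh [username] [target server]
# Requires : password-less ssh from this host to the target server, and a
#            shell that understands [[ ]] (ksh or bash).
# Exit codes:
#   1  wrong argument count, or an argument with unsafe characters
#   2  ssh to the target failed
#   3  user does not exist on the target
#   4  unhandled lsuser/ssh error
#   5  user authenticates via AD (KRB5 registry), password not touched
#   6  password generation or one of the reset steps failed

# The log receives the new password in plaintext, so anything this script
# creates is owner-only. An existing log keeps whatever mode it already has.
umask 077

# Declare vars
progname=reset-user.sh
logfile=/home/troyski/${progname}.log
user=$1
node=$2

# Declare funcs

# Set $pass to 8 characters derived from 16 bytes of /dev/urandom.
# Returns non-zero when the pipeline did not yield 8 characters (for example
# openssl missing), so the caller never sends an empty or short password.
gen_password() {
  pass=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null |
    openssl base64 |
    sed 's/[=O/\]//g' |
    cut -b1-8)
  [[ ${#pass} -eq 8 ]]
}

# Log the usage line and stop.
syntax() {
  logmsg "Syntax : $progname [username] [target server]"
  exit 1
}

# Write a timestamped message to stdout and append it to $logfile.
logmsg() {
  message=$1
  # printf '%s' keeps the message literal; echo may interpret backslashes.
  printf '%s : %s\n' "$(date)" "$message" | tee -a "$logfile"
}

# Log which reset step failed and stop, so a failed reset is never reported
# as a success with a password that was not actually set.
reset_failed() {
  logmsg "Reset of $user on $node failed : $1"
  exit 6
}

# Script starts here
logmsg "==========================================="
logmsg "Started"

if [[ $# -ne 2 ]]; then
  syntax
fi

# Both arguments end up on an ssh command line and $user is also expanded
# inside the remote shell command, so accept only a conservative character
# set and refuse a leading '-' (which would be parsed as an option).
case $user in
  '' | -* | *[!A-Za-z0-9_.-]*)
    logmsg "Invalid username supplied"
    exit 1
    ;;
esac
case $node in
  '' | -* | *[!A-Za-z0-9_.:@-]*)
    logmsg "Invalid target server supplied"
    exit 1
    ;;
esac

# Contact the target server and, if it answers, check the user exists
ssh "$node" "lsuser $user" >/dev/null 2>&1
RC=$?
case $RC in
  255)
    # 255 is ssh's own failure code (host did not resolve, no connection, ...)
    logmsg "$node not found"
    exit 2
    ;;
  2)
    # User did not exist
    logmsg "$user does not exist on $node"
    exit 3
    ;;
  0)
    # User and host ok
    ;;
  *)
    # Unhandled error
    logmsg "Unhandled error : $RC"
    exit 4
    ;;
esac

# Check the user isn't authenticated via AD (KRB5 registry).
# Fail closed: if the registry cannot be read, do not reset anything.
check=$(ssh "$node" "lsuser -a registry $user")
RC=$?
if [[ $RC -ne 0 ]]; then
  logmsg "Unhandled error : $RC"
  exit 4
fi
if [[ "$check" = "$user registry=KRB5files" || "$check" = "$user registry=KRB5Afiles" ]]; then
  logmsg "This user auth is AD so I can't reset the password on $node"
  exit 5
fi

# Reset the password to a random one and log it
gen_password || reset_failed "could not generate a password"
ssh "$node" "chuser unsuccessful_login_count=0 $user" ||
  reset_failed "chuser unsuccessful_login_count"
ssh "$node" "chuser login=true $user" ||
  reset_failed "chuser login"
# Send user:password over ssh's stdin so the password never appears in the
# argument list of the local ssh process.
printf '%s:%s\n' "$user" "$pass" | ssh "$node" chpasswd ||
  reset_failed "chpasswd"

# NOTE(review): this line stores the password in plaintext in $logfile;
# pass it to the user and have it changed at first login. AIX chpasswd
# normally flags the account for a forced change - confirm on your release.
logmsg "Reset $user on $node to $pass"
logmsg "Finished"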