Implement ResetPassword and Unlock for PersonUser accounts.

Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1

@@ -439,6 +439,12 @@ function Set-PersonUser {
    .PARAMETER Remove
    Specifies user will be removed from the spcified group.
 
+   .PARAMETER Unlock
+   Specifies user will be unloacked.
+
+   .PARAMETER NewPassword
+   Specifies new password for the specified user.
+
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
@@ -451,7 +457,17 @@ function Set-PersonUser {
    .EXAMPLE
    Set-PersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection
 
-   Removec $myPersonUser from $myExampleGroup
+   Removes $myPersonUser from $myExampleGroup
+
+   .EXAMPLE
+   Set-PersonUser -User $myPersonUser -Unlock -Server $ssoAdminConnection
+
+   Unlocks $myPersonUser
+
+   .EXAMPLE
+   Set-PersonUser -User $myPersonUser -NewPassword 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
+
+   Resets $myPersonUser password
 #>
 [CmdletBinding(ConfirmImpact='Medium')]
  param(
@@ -491,6 +507,21 @@ function Set-PersonUser {
    [switch]
    $Remove,
 
+   [Parameter(
+      ParameterSetName = 'ResetPassword',
+      Mandatory=$true,
+      HelpMessage='New password for the specified user.')]
+   [ValidateNotNull()]
+   [string]
+   $NewPassword,
+
+   [Parameter(
+      ParameterSetName = 'UnlockUser',
+      Mandatory=$true,
+      HelpMessage='Specifies to unlock user account.')]
+   [switch]
+   $Unlock,
+
    [Parameter(
       Mandatory=$false,
       ValueFromPipeline=$false,
@@ -525,6 +556,18 @@ function Set-PersonUser {
                Write-Output $User
             }
          }
+
+         if ($Unlock) {
+            $result = $connection.Client.UnlockPersonUser($User)
+            if ($result) {
+               Write-Output $User
+            }
+         }
+
+         if ($NewPassword) {
+            $connection.Client.ResetPersonUserPassword($User, $NewPassword)
+            Write-Output $User
+         }
       }
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs

@@ -115,6 +115,30 @@ namespace VMware.vSphere.SsoAdminClient.Tests
          Assert.IsTrue(addActual);
          Assert.IsTrue(removeActual);
 
+         // Cleanup
+         ssoAdminClient.DeleteLocalUser(
+            newUser);
+      }
+
+      [Test]
+      public void ResetUserPassword() {
+         // Arrange
+         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
+
+         var expectedUserName = "test-user6";
+         var expectedPassword = "te$tPa$sW0rd";
+         var updatePassword = "TE$tPa$sW0rd";
+         var newUser = ssoAdminClient.CreateLocalUser(
+            expectedUserName,
+            expectedPassword);
+
+         // Act
+         // Assert
+         Assert.DoesNotThrow(() => { 
+            ssoAdminClient.ResetPersonUserPassword(newUser, updatePassword); 
+         });         
+
+
          // Cleanup
          ssoAdminClient.DeleteLocalUser(
             newUser);

Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/SsoAdminClient.cs

@@ -302,6 +302,42 @@ namespace VMware.vSphere.SsoAdminClient
                   },
                   group.Name)).Result;
       }
+
+      public void ResetPersonUserPassword(PersonUser user, string newPassword) {
+         // Create Authorization Invocation Context
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         // Invoke SSO Admin ResetLocalPersonUserPasswordAsync operation
+         authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.ResetLocalPersonUserPasswordAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminPrincipalManagementService",
+                     Value = "principalManagementService"
+                  },
+                  user.Name,
+                  newPassword)).Wait();
+      }
+
+      public bool UnlockPersonUser(PersonUser user) {
+         // Create Authorization Invocation Context
+         var authorizedInvocationContext =
+            CreateAuthorizedInvocationContext();
+
+         // Invoke SSO Admin UnlockUserAccountAsync operation
+         return authorizedInvocationContext.
+            InvokeOperation(() =>
+               _ssoAdminBindingClient.UnlockUserAccountAsync(
+                  new ManagedObjectReference {
+                     type = "SsoAdminPrincipalManagementService",
+                     Value = "principalManagementService"
+                  },
+                  new SsoPrincipalId {
+                     name = user.Name,
+                     domain = user.Domain
+                  })).Result;
+      }
       #endregion
    }
 }

Modules/VMware.vSphere.SsoAdmin/src/test/PersonUser.Tests.ps1

@@ -262,7 +262,7 @@ Describe "PersonUser Tests" {
       }
    }
 
-   Context "Set-PersonUser Add/Remove Group" {
+   Context "Set-PersonUser" {
       It 'Adds person user to group' {
          # Arrange
          $userName = "TestAddGroupPersonUserName"
@@ -334,6 +334,61 @@ Describe "PersonUser Tests" {
          # Assert
          $actual | Should Not Be $null
       }
+
+      It 'Resets person user password' {
+         # Arrange
+         $userName = "TestResetPassPersonUserName"
+         $userPassword = '$tr0NG_TestPa$$w0rd'
+         $newPassword = 'Update_TestPa$$w0rd'
+         $connection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User $User `
+            -Password $Password `
+            -SkipCertificateCheck
+
+         $personUserToUpdate = New-PersonUser `
+            -UserName $userName `
+            -Password $userPassword `
+            -Server $connection
+
+         $script:usersToCleanup += $personUserToUpdate
+
+         # Act
+         $actual = Set-PersonUser `
+            -User $personUserToUpdate `
+            -NewPassword $newPassword `
+            -Server $connection
+
+         # Assert
+         $actual | Should Not Be $null
+      }
+
+      It 'Unlocks not locked person user' {
+         # Arrange
+         $userName = "TestResetPassPersonUserName"
+         $userPassword = '$tr0NG_TestPa$$w0rd'
+         $connection = Connect-SsoAdminServer `
+            -Server $VcAddress `
+            -User $User `
+            -Password $Password `
+            -SkipCertificateCheck
+
+         $personUserToUpdate = New-PersonUser `
+            -UserName $userName `
+            -Password $userPassword `
+            -Server $connection
+
+         $script:usersToCleanup += $personUserToUpdate
+
+         # Act
+         $actual = Set-PersonUser `
+            -User $personUserToUpdate `
+            -Unlock `
+            -Server $connection
+
+         # Assert
+         $actual | Should Be $null
+      }
    }
 
    Context "Remove-PersonUser" {