Changing other user password from command line
I'm in an AD domain and I want to change someone's password (which is expired but I think it is irrelevant).
I'm not an AD admin, so net user <username> * /domain does not work.
I can change it by pressing CTRL+ALT+DELETE -> Change Password and typing the old password, which I have; is there a command line equivalent of this process?
Solution 1:
Actually, if you're not a domain admin (or account admin), it's relevant: for an account with an expired password, you must do an interactive logon to change the password.
Otherwise, if you know the other user's password, you may launch a PowerShell session with those credentials and use the code that @Ryan Bolger just posted. Or even easier:
Set-ADAccountPassword otheruser -OldPassword (ConvertTo-SecureString 'typeoldpassword' -AsPlainText -Force) -NewPassword (ConvertTo-SecureString 'typenewpassword' -AsPlainText -Force)
**** EDIT ****
Forget everything above: you can do it with that command, as that command actually does an interactive logon. So just do:
Set-ADAccountPassword otheruser
and you'll be prompted for old password, then new password, then retype new password. I just tested it! :)
Solution 2:
If you know the LDAP distinguished name (DN) value for the user, you can do it with PowerShell like this:
$oldpass = 'XXXXXXX'
$newpass = 'XXXXXXX'
$user = [ADSI]"LDAP://CN=myuser,OU=MyOU,DC=example,DC=com"
$user.ChangePassword($oldpass,$newpass)
I should note that this method works even if the password has already expired, which is a nice bonus.
If you don't know the DN, it's only slightly harder because you'd have to search for a reference to the user first. Here's a one-liner that uses adsisearcher to find the user by sAMAccountName, though you can use whatever LDAP filter makes sense. You can use this in place of the $user = blah line above.
$user = ([adsisearcher]"(&(sAMAccountType=805306368)(sAMAccountName=myuser))").FindOne().GetDirectoryEntry()
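The two steps of Solution 2 combined into one function that prompts for the passwords instead of hard-coding them in a script or leaving them in command history. This is an added example, not part of either answer; the function name and the input validation pattern are assumptions made for illustration.

```powershell
# Added example: the function name and validation pattern are hypothetical.
function Invoke-KnownPasswordChange {
    [CmdletBinding()]
    param(
        # Reject characters that are invalid in a sAMAccountName or that
        # carry meaning inside an LDAP filter: * ( ) \ and friends.
        [Parameter(Mandatory)]
        [ValidatePattern('^[^\\/\[\]:;|=,+*?<>"()&]+$')]
        [string]$SamAccountName
    )

    # Find the user in the current domain (same filter as in the answer above).
    $filter = "(&(sAMAccountType=805306368)(sAMAccountName=$SamAccountName))"
    $result = ([adsisearcher]$filter).FindOne()
    if ($null -eq $result) {
        throw "No user with sAMAccountName '$SamAccountName' was found."
    }

    # FindOne() returns a SearchResult; ChangePassword lives on the DirectoryEntry.
    $user = $result.GetDirectoryEntry()

    # Prompt without echoing, so the passwords never appear on screen,
    # in the script file, or in the console history.
    $old     = Read-Host -AsSecureString "Current password for $SamAccountName"
    $new     = Read-Host -AsSecureString 'New password'
    $confirm = Read-Host -AsSecureString 'Retype new password'

    try {
        # ChangePassword takes plain strings, so convert as late as possible.
        $oldPlain     = [System.Net.NetworkCredential]::new('', $old).Password
        $newPlain     = [System.Net.NetworkCredential]::new('', $new).Password
        $confirmPlain = [System.Net.NetworkCredential]::new('', $confirm).Password

        if ($newPlain -cne $confirmPlain) {
            throw 'The new passwords do not match.'
        }

        # Old-password change, not an administrative reset: the domain
        # password policy (history, complexity, minimum age) still applies.
        $user.ChangePassword($oldPlain, $newPlain)
    }
    finally {
        # Drop the references to the plaintext copies and release the ADSI object.
        Remove-Variable oldPlain, newPlain, confirmPlain -ErrorAction SilentlyContinue
        $user.Dispose()
    }
}
```

Call it as Invoke-KnownPasswordChange -SamAccountName myuser; a policy violation or a wrong old password surfaces as an exception from ChangePassword.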