Embedded Files
PowerShell - Active Directory
PowerShell - Active Directory
get-adcomputer myServer
This command can only run from computers with the Active Directory Domain Services role.
DistinguishedName : CN=SQL01,CN=Computers,DC=mydomain,DC=localDNSHostName : SQL01.mydomain.localEnabled : TrueName : SQL01ObjectClass : computerObjectGUID : 2b4758ab-839e-4c5c-8d90-b9f4caae9ba9SamAccountName : SQL01$SID : S-1-5-21-3353108586-2040516296-1640924633-1111UserPrincipalName :
Change Password
Change Password
Set-AdAccountPassword -Identity $env:UserName -OldPassword (Read-Host -asSecureString "Current") -NewPassword (Read-Host -asSecureString "New")
This command will prompt for old and new password.
This command can only run from computers with the Active Directory Domain Services role.
Changing Password Remotely
Changing Password Remotely
I was running into a problem where my password for my user in a domain that I don't login to regularly was expiring. This meant I was unable to RDP to any computer in that domain and as I'm also not a domain admin for that domain I was unable to change my own password (and I hate disrupting other people to keep fixing this for me)... until I came across this awesome piece of Powershell from Przemyslaw Klys...
https://evotec.xyz/how-to-change-your-own-expired-password-when-you-cant-login-to-rdp/function Set-PasswordRemotely { [CmdletBinding(DefaultParameterSetName = 'Secure')] param( [Parameter(ParameterSetName = 'Secure', Mandatory)][string] $UserName, [Parameter(ParameterSetName = 'Secure', Mandatory)][securestring] $OldPassword, [Parameter(ParameterSetName = 'Secure', Mandatory)][securestring] $NewPassword, [Parameter(ParameterSetName = 'Secure')][alias('DC', 'Server', 'ComputerName')][string] $DomainController ) Begin { $DllImport = @'[DllImport("netapi32.dll", CharSet = CharSet.Unicode)]public static extern bool NetUserChangePassword(string domain, string username, string oldpassword, string newpassword);'@ $NetApi32 = Add-Type -MemberDefinition $DllImport -Name 'NetApi32' -Namespace 'Win32' -PassThru
if (-not $DomainController) { if ($env:computername -eq $env:userdomain) { # not joined to domain, lets prompt for DC $DomainController = Read-Host -Prompt 'Domain Controller DNS name or IP Address' } else { $Domain = $Env:USERDNSDOMAIN $Context = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain, $Domain) $DomainController = ([System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($Context)).Name } } } Process { if ($DomainController -and $OldPassword -and $NewPassword -and $UserName) { $OldPasswordPlain = [System.Net.NetworkCredential]::new([string]::Empty, $OldPassword).Password $NewPasswordPlain = [System.Net.NetworkCredential]::new([string]::Empty, $NewPassword).Password
$result = $NetApi32::NetUserChangePassword($DomainController, $UserName, $OldPasswordPlain, $NewPasswordPlain) if ($result) { Write-Host -Object "Set-PasswordRemotely - Password change for account $UserName failed on $DomainController. Please try again." -ForegroundColor Red } else { Write-Host -Object "Set-PasswordRemotely - Password change for account $UserName succeeded on $DomainController." -ForegroundColor Cyan } } else { Write-Warning "Set-PasswordRemotely - Password change for account failed. All parameters are required. " } }}
if (-not $DomainController) { if ($env:computername -eq $env:userdomain) { # not joined to domain, lets prompt for DC $DomainController = Read-Host -Prompt 'Domain Controller DNS name or IP Address' } else { $Domain = $Env:USERDNSDOMAIN $Context = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain, $Domain) $DomainController = ([System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($Context)).Name } } } Process { if ($DomainController -and $OldPassword -and $NewPassword -and $UserName) { $OldPasswordPlain = [System.Net.NetworkCredential]::new([string]::Empty, $OldPassword).Password $NewPasswordPlain = [System.Net.NetworkCredential]::new([string]::Empty, $NewPassword).Password
$result = $NetApi32::NetUserChangePassword($DomainController, $UserName, $OldPasswordPlain, $NewPasswordPlain) if ($result) { Write-Host -Object "Set-PasswordRemotely - Password change for account $UserName failed on $DomainController. Please try again." -ForegroundColor Red } else { Write-Host -Object "Set-PasswordRemotely - Password change for account $UserName succeeded on $DomainController." -ForegroundColor Cyan } } else { Write-Warning "Set-PasswordRemotely - Password change for account failed. All parameters are required. " } }}
Run it with...
Set-PasswordRemotely -DomainController myDomainController
It will prompt for UserName, OldPassword and NewPassword
If you are already logged into the domain you can omit the DomainController and it will default to your current one.
Bibliography
Bibliography
https://community.spiceworks.com/topic/1974956-how-to-find-sid-of-computerhttps://evotec.xyz/how-to-change-your-own-expired-password-when-you-cant-login-to-rdp/https://docs.microsoft.com/en-us/powershell/module/activedirectory/set-adaccountpassword?view=windowsserver2022-pshttps://www.manageengine.com/products/ad-manager/powershell/how-to-set-adaccountpassword-using-powershell.html
TODO:https://www.varonis.com/blog/powershell-active-directory-modulehttps://learn.microsoft.com/en-us/powershell/module/activedirectory/get-aduser
Page updated
Google Sites
Report abuse