PS-AD

PowerShell - Active Directory

get-adcomputer myServer


DistinguishedName : CN=SQL01,CN=Computers,DC=mydomain,DC=local
DNSHostName       : SQL01.mydomain.local
Enabled           : True
Name              : SQL01
ObjectClass       : computer
ObjectGUID        : 2b4758ab-839e-4c5c-8d90-b9f4caae9ba9
SamAccountName    : SQL01$
SID               : S-1-5-21-3353108586-2040516296-1640924633-1111
UserPrincipalName :

  • This command can only run from computers with the Active Directory Domain Services role.

Change Password

Set-AdAccountPassword -Identity $env:UserName -OldPassword (Read-Host -asSecureString "Current") -NewPassword (Read-Host -asSecureString "New")

  • This command will prompt for old and new password.

  • This command can only run from computers with the Active Directory Domain Services role.

Changing Password Remotely

I was running into a problem where my password for my user in a domain that I don't log in to regularly was expiring. This meant I was unable to RDP to any computer in that domain and as I'm also not a domain admin for that domain I was unable to change my own password (and I hate disrupting other people to keep fixing this for me)... until I came across this awesome piece of PowerShell from Przemyslaw Klys...

https://evotec.xyz/how-to-change-your-own-expired-password-when-you-cant-login-to-rdp/

function Set-PasswordRemotely {
    [CmdletBinding(DefaultParameterSetName = 'Secure')]
    param(
        [Parameter(ParameterSetName = 'Secure', Mandatory)][string] $UserName,
        [Parameter(ParameterSetName = 'Secure', Mandatory)][securestring] $OldPassword,
        [Parameter(ParameterSetName = 'Secure', Mandatory)][securestring] $NewPassword,
        [Parameter(ParameterSetName = 'Secure')][alias('DC', 'Server', 'ComputerName')][string] $DomainController
    )
    Begin {
        # P/Invoke signature for the Win32 NetUserChangePassword API in netapi32.dll
        $DllImport = @'
[DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
public static extern bool NetUserChangePassword(string domain, string username, string oldpassword, string newpassword);
'@
        $NetApi32 = Add-Type -MemberDefinition $DllImport -Name 'NetApi32' -Namespace 'Win32' -PassThru

        if (-not $DomainController) {
            if ($env:computername -eq $env:userdomain) {
                # not joined to domain, lets prompt for DC
                $DomainController = Read-Host -Prompt 'Domain Controller DNS name or IP Address'
            } else {
                # joined to a domain: locate a domain controller for the current user's domain
                $Domain = $Env:USERDNSDOMAIN
                $Context = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain, $Domain)
                $DomainController = ([System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($Context)).Name
            }
        }
    }
    Process {
        if ($DomainController -and $OldPassword -and $NewPassword -and $UserName) {
            # The API takes plain strings, so both SecureString values are converted to plaintext here
            $OldPasswordPlain = [System.Net.NetworkCredential]::new([string]::Empty, $OldPassword).Password
            $NewPasswordPlain = [System.Net.NetworkCredential]::new([string]::Empty, $NewPassword).Password

            # The API returns 0 on success; any non-zero status surfaces as $true through the bool return type
            $result = $NetApi32::NetUserChangePassword($DomainController, $UserName, $OldPasswordPlain, $NewPasswordPlain)
            if ($result) {
                Write-Host -Object "Set-PasswordRemotely - Password change for account $UserName failed on $DomainController. Please try again." -ForegroundColor Red
            } else {
                Write-Host -Object "Set-PasswordRemotely - Password change for account $UserName succeeded on $DomainController." -ForegroundColor Cyan
            }
        } else {
            Write-Warning "Set-PasswordRemotely - Password change for account failed. All parameters are required. "
        }
    }
}

Run it with...

Set-PasswordRemotely -DomainController myDomainController

  • It will prompt for UserName, OldPassword and NewPassword

  • If you are already logged into the domain you can omit the DomainController and it will default to your current one.
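
The function above declares NetUserChangePassword as returning bool, so a failure is reported without its reason, and it copies both passwords into managed strings. The variant below is an added example, not code from this page or from the Evotec article: it keeps the numeric status and hands the passwords to the API as unmanaged buffers that are zeroed after the call. The names Set-PasswordRemotelyStrict, Win32Strict and NetApi32Status and the status text table are assumptions made for illustration.

```powershell
# Added example. Set-PasswordRemotelyStrict and Win32Strict.NetApi32Status are hypothetical names.
function Set-PasswordRemotelyStrict {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string] $UserName,
        [Parameter(Mandatory)][securestring] $OldPassword,
        [Parameter(Mandatory)][securestring] $NewPassword,
        [Parameter(Mandatory)][string] $DomainController   # mandatory here to keep the example short
    )

    # Return type is uint so the NET_API_STATUS code survives; the passwords are passed as
    # pointers to unmanaged buffers instead of managed strings.
    $DllImport = @'
[DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
public static extern uint NetUserChangePassword(string domain, string username, IntPtr oldpassword, IntPtr newpassword);
'@
    $NetApi32 = Add-Type -MemberDefinition $DllImport -Name 'NetApi32Status' -Namespace 'Win32Strict' -PassThru

    # Status codes documented for NetUserChangePassword
    $Status = @{
        0    = 'Success'
        5    = 'ERROR_ACCESS_DENIED'
        86   = 'ERROR_INVALID_PASSWORD (old password is wrong)'
        2221 = 'NERR_UserNotFound'
        2226 = 'NERR_NotPrimary'
        2245 = 'NERR_PasswordTooShort (length, history or complexity policy)'
        2351 = 'NERR_InvalidComputer'
    }

    $Marshal = [System.Runtime.InteropServices.Marshal]
    $OldPtr = [IntPtr]::Zero
    $NewPtr = [IntPtr]::Zero
    try {
        $OldPtr = $Marshal::SecureStringToGlobalAllocUnicode($OldPassword)
        $NewPtr = $Marshal::SecureStringToGlobalAllocUnicode($NewPassword)
        $Code = $NetApi32::NetUserChangePassword($DomainController, $UserName, $OldPtr, $NewPtr)
    } finally {
        # Overwrite and free the plaintext copies whether or not the call succeeded
        if ($OldPtr -ne [IntPtr]::Zero) { $Marshal::ZeroFreeGlobalAllocUnicode($OldPtr) }
        if ($NewPtr -ne [IntPtr]::Zero) { $Marshal::ZeroFreeGlobalAllocUnicode($NewPtr) }
    }

    $Text = if ($Status.ContainsKey([int]$Code)) { $Status[[int]$Code] } else { 'Unlisted status' }
    [pscustomobject]@{ UserName = $UserName; Server = $DomainController; Code = $Code; Result = $Text }
}
```

The returned object can be logged or tested on its Code property, which separates a wrong old password (86) from a policy rejection of the new one (2245).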