Changing Local and Active Directory User Password Using PowerShell

The administrator can change the password of the local users on the computer using the Local Users and Groups (lusrmgr.msc) graphic snap-in. To change the password of an AD domain user, the Active Directory Users and Computer (ADUC) GUI console is mainly used. However, in some cases, the administrator may need to change the user’s password from the command prompt or within some script. In this article we will show how to manage user’s passwords (both local and domain) using PowerShell.

How to Change Active Directory User Password with PowerShell?

To change an Active Directory user password, use the Set-ADAccountPassword cmdlet from the Active Directory module for Windows PowerShell. Of course, the user who runs the cmdlet must have domain administrator privileges or should be delegated to reset passwords of an AD users.

Before using the Set-ADAccountPassword cmdlet, you must import this module into a PowerShell session:

Import-Module ActiveDirectory

The password in the computer’s memory should preferably be stored in a protected form, so you can ask the administrator to specify the password as follows:

$newPass=Read-Host "Enter the new user password" -AsSecureString

Enter the new password in the PowerShell console.

powershell change local user password

It is better to specify the AD account name in the form of samAccountname. For example, to change the password for user jkelly, run the command:

Set-ADAccountPassword jkelly -NewPassword $newPass

powershell change user password

You can set a new user password directly inside the script code:

Set-ADAccountPassword jkelly–NewPassword (ConvertTo-SecureString -AsPlainText –String "St0ngPwd@d" -force)

If you want the user to change the password on the next login, perform the command:

Set-ADUser jkelly -ChangePasswordAtLogon $True

powershell change password

READ ALSO  The Processing of Group Policy Failed

You can reset the password for several users at once (assume that account names are stored in a plain text file user_to_reset.txt). Use this script:

Get-Content C:\PS\user_to_reset.txt | Set-ADAccountPassword -NewPassword $newPass -Reset

How to Change the Password for a Windows Local Accounts?

To change the passwords of local Windows users, you can use the ADSI (Active Directory Services Interface) API, which can be used to interact with Active Directory or with stand-alone computers.

Open the PowerShell command prompt and list the local user accounts on the current computer:

get-wmiobject win32_useraccount

powershell change password local user

You can also display a list of local users like this:

[adsi]$localPC = "WinNT://."

$localPC.Children | where {$_.Class -eq "user"} | ft name, description –auto

To reset a local user password, first select the user (in this example the local account name is ConfRoom):

[adsi]$user = "WinNT://./ConfRoom,user"

Set the password:

$user.SetPassword("newP@s32w02rd")

Additionally, you can request a password change at the next login:

$user.Put("PasswordExpired",1)

It remains to save the changes to the user account:

$user.SetInfo()

powershell change user password active directory

The same commands can be used to change the user’s password on remote computers. It is enough to replace [adsi]$user = ″WinNT://./ConfRoom,user″ with the command [adsi]$user = ″WinNT://RemotePCName/ConfRoom,user″.

To set the same password for all local users, use the following script:

$NewPass = "ThisIsNewP@33"

$localusers = Get-WmiObject -Class Win32_UserAccount -ComputerName $env:COMPUTERNAME -Filter LocalAccount='true' | select -ExpandProperty name

foreach ($user in $localusers)

{

$user

([adsi]"WinNT://$env:COMPUTERNAME/$user").SetPassword("$NewPass ")

}
Cyril Kardashevsky
Latest posts by Cyril Kardashevsky (see all)
READ ALSO  How to Map a Network Drive in Windows 10?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.