Changing Local and Active Directory User Password Using PowerShell


An administrator can change the password of local users on a computer using the Local Users and Groups (lusrmgr.msc) graphical snap-in. To change the password of an AD domain user, the Active Directory Users and Computers (ADUC) GUI console is mainly used. However, in some cases the administrator may need to change a user's password from the command prompt or from within a script. In this article we will show how to manage user passwords (both local and domain) using PowerShell.

How to Change Active Directory User Password with PowerShell?

To change an Active Directory user password, use the Set-ADAccountPassword cmdlet from the Active Directory module for Windows PowerShell. Of course, the user who runs the cmdlet must have domain administrator privileges or must be delegated the right to reset passwords of AD users.

Before using the Set-ADAccountPassword cmdlet, you must import this module into a PowerShell session:

Import-Module ActiveDirectory

The password in the computer’s memory should preferably be stored in a protected form, so you can ask the administrator to specify the password as follows:

$newPass=Read-Host "Enter the new user password" -AsSecureString

Enter the new password in the PowerShell console.

It is better to specify the AD account name in the form of samAccountname. For example, to change the password for user jkelly, run the command:

Set-ADAccountPassword jkelly -NewPassword $newPass

You can set a new user password directly inside the script code:

Set-ADAccountPassword jkelly -NewPassword (ConvertTo-SecureString -AsPlainText -String "St0ngPwd@d" -Force)

If you want the user to change the password at the next logon, run the command:

Set-ADUser jkelly -ChangePasswordAtLogon $True

You can reset the password for several users at once (assume that account names are stored in a plain text file user_to_reset.txt). Use this script:

Get-Content C:\PS\user_to_reset.txt | Set-ADAccountPassword -NewPassword $newPass -Reset
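
An added example (not part of the original article): a variation of the bulk reset above that gives every account listed in user_to_reset.txt its own random temporary password and forces a change at the next logon, so no shared or hard-coded password is needed in the script. The New-RandomPassword helper, its character sets and the 20-character length are assumptions made for this example.

```powershell
# Added example, not from the original article. Run as an account allowed to reset passwords.
Import-Module ActiveDirectory

function New-RandomPassword {            # hypothetical helper, defined only for this example
    param([int]$Length = 20)
    # One set per character class; ambiguous characters (l, I, O, 0, 1) are left out.
    $classes  = 'abcdefghijkmnopqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '!@#%^*-_=+'
    $alphabet = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    try {
        do {
            $chars = foreach ($i in 1..$Length) {
                $rng.GetBytes($buf)      # bytes from the system CSPRNG
                $alphabet[[int]([BitConverter]::ToUInt32($buf, 0) % $alphabet.Length)]
            }
            $candidate = -join $chars
            # Retry until every class is present, so complexity requirements are satisfied.
            $missing = $classes | Where-Object { $candidate.IndexOfAny($_.ToCharArray()) -lt 0 }
        } while ($missing)
    } finally { $rng.Dispose() }
    $candidate
}

$results = foreach ($name in Get-Content C:\PS\user_to_reset.txt) {
    $name = $name.Trim()
    if (-not $name) { continue }         # skip blank lines in the file
    try {
        # Resolve the account first so a typo in the file fails before anything is changed.
        $user   = Get-ADUser -Identity $name -ErrorAction Stop
        $plain  = New-RandomPassword
        $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
        Set-ADAccountPassword -Identity $user -NewPassword $secure -Reset -ErrorAction Stop
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ User = $name; Status = 'Reset'; TempPassword = $plain }
    } catch {
        [pscustomobject]@{ User = $name; Status = "Failed: $($_.Exception.Message)"; TempPassword = $null }
    }
}

# The temporary passwords exist only in $results; hand them over through a separate
# channel and do not write this output to a file or a session transcript.
$results | Format-Table -AutoSize
```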

How to Change the Password for Windows Local Accounts?

To change the passwords of local Windows users, you can use the ADSI (Active Directory Services Interface) API, which can be used to interact with Active Directory or with stand-alone computers.

Open the PowerShell command prompt and list the local user accounts on the current computer:

get-wmiobject win32_useraccount

You can also display a list of local users like this:

[adsi]$localPC = "WinNT://."

$localPC.Children | where {$_.Class -eq "user"} | ft name, description -auto

To reset a local user password, first select the user (in this example the local account name is ConfRoom):

[adsi]$user = "WinNT://./ConfRoom,user"

Set the password:

$user.SetPassword("newP@s32w02rd")

Additionally, you can request a password change at the next login:

$user.Put("PasswordExpired",1)

Finally, save the changes to the user account:

$user.SetInfo()

The same commands can be used to change the user's password on remote computers. It is enough to replace [adsi]$user = "WinNT://./ConfRoom,user" with the command [adsi]$user = "WinNT://RemotePCName/ConfRoom,user".

To set the same password for all local users, use the following script:

$NewPass = "ThisIsNewP@33"
# Names of all local accounts on this computer
$localusers = Get-WmiObject -Class Win32_UserAccount -ComputerName $env:COMPUTERNAME -Filter "LocalAccount='True'" | select -ExpandProperty name
foreach ($user in $localusers)
{
    # Print the account name, then set its password
    $user
    ([adsi]"WinNT://$env:COMPUTERNAME/$user").SetPassword($NewPass)
}
