Active Directory – Change User’s Password

 

Background

Requested a few Service Accounts so that we can run a few SQL Server Instances using them.

I need to change the password to something a lot tighter.

Got a nice one from Norton Identity Safe; which is here.

 

Change Password

We can change using UI.

 

UI

UI – Self Change

Logged on to the system from console or through Remote Desktop.

If through remote desktop, access Change Password using CTRL/ALT/End

rdc-menu

 

changeapassword-brused-up

 

Console

Tool – dsmod

dsmod – Change User using User Distinguished name


rem John Howard -MSFT
Rem Sample scripts for dsadd, dsmodify, dsget, dsquery, dsmod, dsmove
Rem https://blogs.technet.microsoft.com/jhoward/2005/01/27/sample-scripts-for-dsadd-dsmodify-dsget-dsquery-dsmod-dsmove/

set "_UserDN=CN=svcLABMSSQL,CN=Users,DC=LAB,DC=org"
set "_ADPassword=Hello2819$"

dsmod user "%_UserDN%" -pwd %_ADPassword%


dsmod – Change User using SAMAccountName


Rem Change a domain account’s password from the command line	
Rem https://itnsomnia.wordpress.com/2008/04/08/change-a-domain-accounts-password-from-the-command-line/

set "_SAMAccountName=svcLABMSSQL"
set "_ADPassword=Hello2819$"

echo ADUser
dsquery user -samid %_SAMAccountName%

dsquery user -samid %_SAMAccountName%  | dsmod user  -mustchpwd no -pwd %_ADPassword%



 

dsmod – Error

If Error Occurs, please ouput out ERRORLEVEL.

Here are some common ones.

 

ErrorLevel Error Description Possible Source Links
 -2147467259 ADO_UNSPECIFIED This number doesn’t indicate a specific reason for this error but will always occur if there are problems in ADO requests, e.g. you forgot to pass the search scope (Subtree, OneLevel etc.) within your request string. This error can occur even without using ADO when you have a type mismatch while writing an object attribute (for example if you use the ADSI method Put to fill an integer or string attribute in a floating point number). In this case you better convert the value into a string first.  ADSI Self ADSI
 

 

 

 

References

  1. Microsoft
    • Reset a User Password
      Link
  2. Mitch Tulloch, author of Windows Server Hacks
    • Windows Server Hacks: Resetting User Passwords
      Link
  3. John Howard
    • Sample scripts for dsadd, dsmodify, dsget, dsquery, dsmod, dsmove
      Link
  4. John Savill
    • How can I change a domain user’s password from the command line in Windows Server 2003?
      Link
  5. itnsomnia
    • Change a domain account’s password from the command line
      Link

One thought on “Active Directory – Change User’s Password

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s