Firstly - For reasons I won’t get into I can’t load in the AD module and use Set-ADAccountPassword cmdlet so…
I am trying to change a user account password using the following:
    $User    = "<MyUserName>"
    $CurPass = "<CurrentPassword>"
    $NewPass = "<NewPassword>"

    # LDAP filter matching the user object by sAMAccountName
    $Filter = "(&(objectCategory=person)(objectClass=user)(samaccountname=$User))"

    # Bind to the domain controller on port 636 as the user, with the current password
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    $Searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry("LDAP://<DomainController>:636", "$env:USERDNSDOMAIN\$User", $CurPass)
    $Searcher.Filter = $Filter
    $Searcher.SearchScope = "Subtree"

    # Locate the account, then call ChangePassword (old password, new password)
    $objUser = $Searcher.FindOne().GetDirectoryEntry()
    $objUser.PsBase.Invoke("ChangePassword", $CurPass, $NewPass)
    $objUser.CommitChanges()
The above throws a constraint violation error (even as a Domain Admin). If I use the “SetPassword” method as a domain admin this works but I get access denied as a user. I figured “ChangePassword” should work as a user but I can’t get this method to work at all.