If user is only a member of domain users,how to change(not reset) self password with powershell?
Are you wanting to change your password as if you went ctrl-alt-del selected change password entered the old password then the new password. Is this right?
if so then this might be for you:
Set-ADAccountPassword -Identity $user -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "$newPass" -Force)
[pre]
$user = $env:username
$pass = Read-Host -Prompt ‘Input new Password’
& NET USER $user $pass /domain
[/pre]
That will do it,
if you covert it to an exe its easier to run
@Bart de Vogt Net user command require reset password permission,domain users default have change password permission,but no reset.
[quote quote=157574]@Bart de Vogt Net user command require reset password permission,domain users default have change password permission,but no reset.
[/quote]
You are completely right,
didn’t check with only domain user.
So far as i can see there is no option to do this via powershell
Not just with PowerShell, may be not at all by a normal user.
[quote quote=157517]If user is only a member of domain users,how to change(not reset) self password with powershell?
[/quote]
I work in an environment where I have multiple accounts and multiple domains, and this is what I use to change the passwords (keep in mind, I do commit a transgression and keep them synced).
Fill in the account(s), the domain(s) and password (old and new). After it has run make sure you clean out the passwords you entered, since it is in plain text.
$users="1account", "2account", "3account"
$domains="yourdomains"
$oldPW= ConvertTo-SecureString "CurrentPASSWORD" -AsPlainText -Force
$newpw= ConvertTo-SecureString "NewPassword" -AsPlainText -Force
foreach ($u in $users) {
foreach ($d in $domains) {
try {
$mycreds = New-Object System.Management.Automation.PSCredential ($u,$oldpw)
get-aduser -identity $u -server $d -credential $mycreds -ErrorAction Stop
Set-ADAccountPassword -Identity $u -server $d -OldPassword $oldpw -NewPassword $newpw -credential $mycreds
} catch {
write-host "$u in $d not found"
}
}
}
Thank for reply.
My server’s version is win2012R2, dc return message:
C:\Users\xu> &"D:\Script\Change Password test.ps1" aochan in ATHENA.COM not found t-aduser : The server has rejected the client credentials. D:\Script\Change Password test.ps1:13 char:1 get-aduser -identity $u -Server $d -credential $mycreds -ErrorAction Stop ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : SecurityError: (diaochan:ADUser) [Get-ADUser], AuthenticationException + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.Security.Authentication.AuthenticationException,Microsoft.A ctiveDirectory.Management.Commands.GetADUser
Normal users cannot change passwords of a domain account even via Set-ADAccountPassword cmdlet. Here the $credential user is a normal user.
Normal users cannot change passwords of a domain account even via Set-ADAccountPassword cmdlet. Here the $credential user is a normal user.
[quote quote=157818]Normal users cannot change passwords of a domain account even via Set-ADAccountPassword cmdlet. Here the $credential user is a normal user.
[/quote]
Domain User AccountA cannot change Domain User AccountB.
Domain User AccountA can change Domain User AccountA. (edited: changed ‘reset’ to ‘change’)
The question was:
“If user is only a member of domain users,how to change(not reset) self password with powershell?”
A user can change their own password in AD. I just ran the script I provided for my own account:
PasswordLastSet : 6/4/2019 3:41:07 PM
This account is only a domain user.