Unlock Windows AD account & assign *temporary* password via command line?


Solution 1

The binary 'dsmod' (comes with Win7 and Vista, and somewhere along the way XP got them too) should do what you want.

dsmod user UserDN -pwd $Password -mustchpwd yes

It can do a lot more as well! Very useful tool.

There are a couple of other tools alongside that one that are quite useful as well. dsquery searches AD from the command line. dsget pulls attributes from objects. dsadd allows creating objects (and users!). Definitely worth a look for any scripter.

Solution 2

Untested, but I've done stuff like this before with DSMod user:

dsquery user -samid username | dsmod.exe user -pwd <Password> -mustchpwd yes -disabled no

/edited - includes the good suggestion to prepend with dsquery to let you look up the samid (login) instead of the UDN.
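
For the PowerShell route the question allows, an added example (not from either answer) that unlocks the account, sets a random one-time password, forces a change at next logon, and then confirms the flag by reading `pwdLastSet`. It assumes the ActiveDirectory module (RSAT) is available; `New-TempPassword` and `Reset-LockedUser` are hypothetical names.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

function New-TempPassword {
    param([int]$Length = 14)
    # Four character classes so the result satisfies default complexity rules.
    $classes = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%+-=?@'
    $bytes = New-Object byte[] ($Length * 2)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $chars = @(for ($i = 0; $i -lt $Length; $i++) {
        # Positions 0-3 draw one character from each class; the rest draw from all four.
        $set = if ($i -lt $classes.Count) { $classes[$i] } else { -join $classes }
        $set[$bytes[$i] % $set.Length]
    })
    # Fisher-Yates shuffle driven by the second half of the random bytes.
    for ($i = $Length - 1; $i -gt 0; $i--) {
        $j = $bytes[$Length + $i] % ($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    -join $chars
}

function Reset-LockedUser {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)
    $ErrorActionPreference = 'Stop'

    $user = Get-ADUser -Identity $SamAccountName -Properties PasswordNeverExpires
    if ($user.PasswordNeverExpires) {
        # ChangePasswordAtLogon cannot be set while PasswordNeverExpires is true.
        throw "$SamAccountName has PasswordNeverExpires set; clear it before forcing a change."
    }

    $plain  = New-TempPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force

    Unlock-ADAccount      -Identity $user
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure
    Set-ADUser            -Identity $user -ChangePasswordAtLogon $true -Enabled $true

    # Verify: pwdLastSet = 0 is how AD records "must change password at next logon".
    $check = Get-ADUser -Identity $user -Properties pwdLastSet, LockedOut
    if ($check.pwdLastSet -ne 0 -or $check.LockedOut) {
        throw "Reset of $SamAccountName did not take effect (pwdLastSet=$($check.pwdLastSet))."
    }
    $plain   # Return the one-time password for the help desk to read out.
}
```

Called as `Reset-LockedUser -SamAccountName jbrown`, it returns the temporary password only after the verification read succeeds.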

Author by

Hecter

Updated on September 17, 2022

Comments

  • Hecter
    Hecter over 1 year

    Joe Brown is on the phone. He is locked out of Windows because he has forgotten his password. We could reset his password via Active Directory Users and Computers, but ADUC is very annoyingly clicky.

    Of course, it's also possible to unlock Joe Brown's account and reset his password to "33Foo$bars" via NET USER:

    net user jbrown 33Foo$bars /domain /active:yes
    

    Unfortunately, the flag requiring him to choose a new password is not set by this command. We, being enlightened administrators, do not want to know any user's permanent password at any time.

    Does anyone have an efficient command-line method to unlock/reset and require a password change, using native Windows tools (including PowerShell or VBScript if necessary) but no 3rd-party binaries?

    Context: Windows Server 2008 domain.

  • mfinni
    mfinni over 13 years
    The ds* tools were new in Server 2003
  • jscott
    jscott over 13 years
    +1, but DNs take way too long to type:

    dsquery user -samid username | dsmod user -mustchpwd yes -pwd password
  • Hecter
    Hecter over 13 years
    Thanks very much. Especially with the addition of @jscott's comment, this is a perfect solution.
  • dzampino
    dzampino over 8 years
    I tried this, but it did not force a password change