Changing Local and Active Directory User Password Using PowerShell

Using the Local Users and Groups (lusrmgr.msc) graphic snap-in, the administrator can change the passwords of local users on the machine. The Active Directory Users and Computers (ADUC) GUI panel is primarily used to update the password of an AD domain user. However, the administrator may need to update the user’s password from the command prompt or within a script in rare instances. In this post, we’ll show you how to use PowerShell to manage user passwords (both local and domain).

Use the Set-ADAccountPassword cmdlet from the Active Directory module for Windows PowerShell to update an Active Directory user’s password. The user that runs the cmdlet must, of course, have domain administrator capabilities or be assigned the ability to reset passwords for AD users.

You must first import this module into a PowerShell session before using the Set-ADAccountPassword cmdlet:

Import-Module ActiveDirectory

Because the password in the computer’s memory should be saved in a secure format, you can request that the administrator supply the password as follows:

$newPass=Read-Host "Enter the new user password" -AsSecureString

Enter the new password in the PowerShell console.

It is better to specify the AD account name in the form of samAccountname. For example, to change the password for user jkelly, run the command:

Set-ADAccountPassword jkelly -NewPassword $newPass

You can change a user’s password right in the script code:

Set-ADAccountPassword jkelly–NewPassword (ConvertTo-SecureString -AsPlainText –String "St0ngPwd@d" -force)

If you want the user to change the password on the next login, perform the command:

Set-ADUser jkelly -ChangePasswordAtLogon $True

You can reset the password for several users at once (assume that account names are stored in a plain text file user_to_reset.txt). Use this script:

Get-Content C:\PS\user_to_reset.txt | Set-ADAccountPassword -NewPassword $newPass -Reset

How to Change the Password for a Windows Local Accounts?

The ADSI (Active Directory Services Interface) API, which may be used to interface with Active Directory or stand-alone PCs, can be used to update the passwords of local Windows users.

List the local user accounts on the current computer using the PowerShell command prompt:

get-wmiobject win32_useraccount

You can also display a list of local users like this:

[adsi]$localPC = "WinNT://."

$localPC.Children | where {$_.Class -eq "user"} | ft name, description –auto

To reset a local user password, first select the user (in this example the local account name is ConfRoom):

[adsi]$user = "WinNT://./ConfRoom,user"

Set the password:


Additionally, you can request a password change at the next login:


It remains to save the changes to the user account:


The same commands can be used to change the user’s password on remote computers. It is enough to replace [adsi]$user = ″WinNT://./ConfRoom,user″ with the command [adsi]$user = ″WinNT://RemotePCName/ConfRoom,user″.

To set the same password for all local users, use the following script:

$NewPass = "ThisIsNewP@33"

$localusers = Get-WmiObject -Class Win32_UserAccount -ComputerName $env:COMPUTERNAME -Filter LocalAccount='true' | select -ExpandProperty name

foreach ($user in $localusers)



([adsi]"WinNT://$env:COMPUTERNAME/$user").SetPassword("$NewPass ")


Leave a Reply

Your email address will not be published. Required fields are marked *

Enter Captcha Here :