Changing Local and Active Directory User Password Using PowerShell

An administrator can change the passwords of local users on a machine with the Local Users and Groups (lusrmgr.msc) graphical snap-in, and the Active Directory Users and Computers (ADUC) console is the usual tool for updating the password of an AD domain user. In rare instances, however, the administrator may need to update a user's password from the command prompt or from within a script. In this post, we'll show you how to use PowerShell to manage user passwords (both local and domain).

To update an Active Directory user's password, use the Set-ADAccountPassword cmdlet from the Active Directory module for Windows PowerShell. The user who runs the cmdlet must, of course, have domain administrator privileges or be delegated the right to reset passwords for AD users.

You must first import this module into a PowerShell session before using the Set-ADAccountPassword cmdlet:

Import-Module ActiveDirectory

Because the password should be held in the computer's memory in a protected form, you can prompt the administrator to enter it as a SecureString:

$newPass=Read-Host "Enter the new user password" -AsSecureString

Enter the new password in the PowerShell console.

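It is better to specify the AD account by its sAMAccountName. For example, to change the password for user jkelly, run the command below. The -Reset parameter sets the new password without requiring the current one; without it, the cmdlet asks for the old password.

Set-ADAccountPassword jkelly -Reset -NewPassword $newPass

You can also set a user's password directly in the script code (the password is then stored in plain text in the script file):

Set-ADAccountPassword jkelly -Reset -NewPassword (ConvertTo-SecureString -AsPlainText -String "St0ngPwd@d" -Force)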

If you want the user to change the password at the next logon, run the command:

Set-ADUser jkelly -ChangePasswordAtLogon $True

You can reset the password for several users at once (assume that account names are stored in a plain text file user_to_reset.txt). Use this script:

Get-Content C:\PS\user_to_reset.txt | Set-ADAccountPassword -NewPassword $newPass -Reset
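The one-liner above gives every account in the file the same password. The following added example (not part of the original post) resets each account to its own random temporary password and forces a change at the next logon. New-RandomPassword, its character set and the result object layout are assumptions made for this illustration; the input file path is the one used above.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper (not from the article): builds a random password from a CSPRNG.
function New-RandomPassword {
    param([int]$Length = 16)
    # Character set is an assumption; adjust it to the domain password policy.
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-=?@'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    try {
        do {
            $rng.GetBytes($bytes)
            # The modulo adds a slight bias, acceptable for a one-time temporary password.
            $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
            # Retry until upper case, lower case, digit and symbol are all present.
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and
                 $pw -match '\d' -and $pw -match '[^A-Za-z0-9]')
    }
    finally { $rng.Dispose() }
    $pw
}

$results = foreach ($name in Get-Content 'C:\PS\user_to_reset.txt') {
    $name = $name.Trim()
    if (-not $name) { continue }    # skip blank lines in the file
    $plain = New-RandomPassword
    try {
        $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
        # -ErrorAction Stop turns a missing account or a policy rejection into a catchable error.
        Set-ADAccountPassword -Identity $name -Reset -NewPassword $secure -ErrorAction Stop
        # Set the flag after the reset: a password reset updates pwdLastSet and would clear it.
        Set-ADUser -Identity $name -ChangePasswordAtLogon $true -ErrorAction Stop
        [pscustomobject]@{ SamAccountName = $name; TempPassword = $plain; Status = 'Reset' }
    }
    catch {
        # Either step may have failed; the message shows which one.
        [pscustomobject]@{ SamAccountName = $name; TempPassword = $null
                           Status = "Failed: $($_.Exception.Message)" }
    }
}

# One row per account; hand each temporary password to its user over a separate channel.
$results
```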

How to Change the Password for Windows Local Accounts?

To update the passwords of local Windows users, you can use the ADSI (Active Directory Services Interface) API, which works with both Active Directory and stand-alone computers.

List the local user accounts on the current computer using the PowerShell command prompt:

get-wmiobject win32_useraccount

You can also display a list of local users like this:

[adsi]$localPC = "WinNT://."

$localPC.Children | where {$_.Class -eq "user"} | ft name, description -auto

To reset a local user password, first select the user (in this example the local account name is ConfRoom):

[adsi]$user = "WinNT://./ConfRoom,user"

Set the password:

$user.SetPassword("newP@s32w02rd")

Additionally, you can request a password change at the next login:

$user.Put("PasswordExpired",1)

It remains to save the changes to the user account:

$user.SetInfo()

The same commands can be used to change a user's password on remote computers. Just replace [adsi]$user = "WinNT://./ConfRoom,user" with [adsi]$user = "WinNT://RemotePCName/ConfRoom,user".

To set the same password for all local users, use the following script:

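$NewPass = "ThisIsNewP@33"
$localusers = Get-WmiObject -Class Win32_UserAccount -ComputerName $env:COMPUTERNAME -Filter "LocalAccount='true'" | select -ExpandProperty name
# $name is the loop variable so that it does not clash with the [adsi]-typed $user variable from the commands above
foreach ($name in $localusers)
{
    # Print the account name, then set its password
    $name
    ([adsi]"WinNT://$env:COMPUTERNAME/$name").SetPassword($NewPass)
}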
