Word – Any command line tool checking windows domain password

domainpasswords

Does Windows provide a command line utility that lets me check a domain user's password? It is sufficient that the utility returns success(0) if I provide a matching domain user name and password. Alternatively, is there a simple VB/JS script that can do this?

I'm the Intranet admin of my company and have the default password set for corporate staff, so I'd like to quickly scan which users have not changed their default password.

Better yet, are there any books or websites which cover such topics so that I can get more information?

Best Answer

As from the question-comments you have access to the Active Directory. Go to Active Directory Management Console and right-click -> Find. Do a "Customer Search" and enter in the "Advanced Tab"

(&(objectClass=person)(objectClass=User)(pwdLastSet<=0))

This will give you all Accounts from the whole Directory that never changed their initaial set passwords.i

Related Solutions

Windows – How to change the Windows domain password when the PC is not on the domain

Turns out this is actually fairly simple. On the change password screen, accessed by hitting ctrl+alt-delete at the computer (or remotely*) you can actually edit the user name to something else, such as adding a domain specifier in front of the user name. Yes this works even if the computer is not in the domain but is on the network.

So there are a few ways to go about it.

So what I actually just tested was to connect the the machine remotely. Sent ctrl+alt+del through the remote desktop program. Picked change password. Changed the username, in my case my username with the "mydomain\" prefixed (in front) of it. Change it to your actual domain of course and the exact user name if it differs on the domain. Hit enter. Voila! Done.

So you can do this on any computer you have access to in the domain with any other user, physically/locally or remotely. Open the change user name screen and change the user name to the fully qualified/specified user name, meaning with the domain name in front of it followed by "\", such as: domainname\yourusername.

*= remotely accessing your computer with software such as Microsoft Windows Remote Desktop, Chrome remote desktop, Team viewer etc, and making the equivalent of a ctrl+alt+del. In microsoft Remote desktop by hitting ctrl+alt+end. In Chrome remote desktop, https://remotedesktop.google.com, you do this in a menu.

Of course accessing a machine remotely might or might not meen you need vpn access with the same login that is expired... However hopefully those are two different logins if so.

Cloud services for remote access, such as Chrome remote desktop, team viewer, ssh tunnels, etc are potentially unauthorized/dangerous and most likely prohibited backdoors that could in some cases circumvent this catch-22 situation with an expired vpn access. Make sure you are allowed the make use of those if tempted, they are most likely not, for good reasons.

Windows – Use runas with a domain account on a non-domain machine in Windows 2k/XP/Vista/7

The runas command has an extra option /netonly that allows running local apps as a domain user, on a non-domain machine. It worked for me when I ran on Windows 7 Professional - but it does require an elevated Command Prompt.

runas /netonly /user:domain\user command

More details at the below site:

http://codebetter.com/jameskovacs/2009/10/12/tip-how-to-run-programs-as-a-domain-user-from-a-non-domain-computer/

Best Answer

Related Solutions

Windows – How to change the Windows domain password when the PC is not on the domain

Windows – Use runas with a domain account on a non-domain machine in Windows 2k/XP/Vista/7

Related Question