Windows – Change (not reset!) the own domain user password on command prompt

command linedomainpasswordswindows

I've read about the command net user <username> <password> /domain to "change" my domain account password. But this isn't asking for my current password, and I have the impression (although nobody warned me explicitly) that it really doesn't normally change/update my password, but instead reset it. This would mean that I lose access to all encrypted things bound to my credentials, e. g. EFS.

How can I change my password for a domain account on the command line without losing crypto access? I'm looking for a full functional equivalent of the Ctrl+Alt+Delete/Change Password GUI for automation. It should also accept the current password as command line parameter if necessary.

This is for Windows 7 and a similar-aged or more current domain controller. I have local administrator privilege but not for the domain, but I imagine that it shouldn't be necessary to change my own user password.

Best Answer

It isn't asking for your current password because probably you run command/script as yourself, so it uses your credentials.

You can use PowerShell Set-ADAccountPassword for this, if you want more powerful feature to change your password. You can also get credentials from user with Get-Credential.

You can use them after installing RSAT (Remote Server Admin Tools) and importing module through command Import-Module ActiveDirectory.

Related Solutions

Windows – ny way to change the password of the current user account using the command line

The Solution which Breakthrough gave is useless if you have a limited account.Here's what you to get admin privileges :-

Step One: First, open Command Prompt (either; Start->Run->Type cmd.exe->OK OR; Double-Click C:\Windows\System32\cmd.exe

Step Two: Create an account, if you do not wish to create a new account, ignore this step. Type the following into the black box that appears (command prompt)

net user /add

Example: net user max 123456 /add

This will create a password protected account. The username will be max The password will be 123456

Step Three: Find all of the user groups that are available on the network

net localgroup

This will bring up a list like this *Administrators *Debugger Users *Guests *HelpServicesGroup *Users The command completed successfully. (can be different according to different systems)

Step Four: Input the following into Command Prompt

net localgroup /add

Example:

net localgroup administrators max /add

This would add the username “max” join the group “administrators” and have all privileges related to that group.

This will work on local machines. and if you are lucky enough and the admin is not very good on what he is doing you can create your own admin account in an networked environment as well :) :) but if the cmd command prompt is restricted or a manual access rights are placed then no way to make this work.. You will probably get into trouble if you get caught doing this.. I have only provided this as an example of what you can do with command prompt and thus why it should always be disabled on limited accounts, I am not responsible for anything you do with this. also note that this only work at home or in an unmanaged network.

Have fun

Word – Any command line tool checking windows domain password

As from the question-comments you have access to the Active Directory. Go to Active Directory Management Console and right-click -> Find. Do a "Customer Search" and enter in the "Advanced Tab"

(&(objectClass=person)(objectClass=User)(pwdLastSet<=0))

This will give you all Accounts from the whole Directory that never changed their initaial set passwords.i

Best Answer

Related Solutions

Windows – ny way to change the password of the current user account using the command line

Word – Any command line tool checking windows domain password

Related Question