Active Directory Friday: Change a user’s password

It is one of the most common tasks Active Directory administrators face, changing a user’s password or unlocking their account. Today we will discuss how this can be done in Powershell using either the Active Directory module or [adsi] type accelerator for this purpose.

Setting or resetting a password is rather straight forward using the Active Directory cmdlets, simply use Get-ADUser to get the AD user object and pipe it into Set-ADAccountPassword:

1
Get-ADUser jaapbrasser | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "secretpassword01" -Force)

To unlock an account the Unlock-ADAccount cmdlet can be used:

1
Get-ADUser jaapbrasser | Unlock-ADAccount

To both unlock and change the password of a user using the ADSI type accelerator the following code can be used:

1
2
3
4
$User = [adsi]([adsisearcher]'samaccountname=jaapbrasser').findone().path
$User.SetPassword("secretpassword01")
$User.lockoutTime = 0
$User.SetInfo()
Share

Leave a Reply