I am going to show a couple of very easy ways to change or reset a user’s local or domain account password using PowerShell. You do not need any PowerShell modules; only built-in PowerShell is used to change the password.
Why do anything with PowerShell when you can already use CMD?
An important concept to grasp is the ability to reuse code and process multiple items.
“I can already use the NET USER command from CMD. Why use PowerShell?”
We want to use PowerShell for 3 reasons:
Let’s dive into an example that shows the reusability and the ability to handle multiple password changes with a single command.
First, we need to get a list of users to change the passwords on. We’ll use WMI for this task.
A great thing about using WMI for this task is that it can be used remotely or locally. If you want to run this on a remote computer (appropriately named “remote-pc”) it’s almost as easy – no extra setup required (firewall exceptions and RPC come in handy though.)
$userlist = Get-WmiObject Win32_UserAccount
$remoteuserlist = Get-WmiObject Win32_UserAccount -ComputerName "remote-pc"
Secondly, we’ll look at how to change a password using the ADSI object in .NET.
To get the ADSI object for a user, we need the name of the computer that the local account belongs to, and the user account name. The list of user accounts we got from WMI already has both: each account has a property called “Caption” that holds the computer name and the account name together. Too bad the Caption property uses a backslash (“\”) and ADSI uses a slash (“/”). To get around that, I will use the string method Replace(). That part looks like this:
$userlist[0].Caption.Replace("\", "/")
There are several options for telling the ADSI class what kind of account to connect to. Two of them are WinNT (for local accounts) and LDAP (for domain accounts). Those are case sensitive. Since we’re looking for a local account, it will be in this format:
[adsi]"WinNT://local-PC/accountname"
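Retrieving a domain user account is just as easy, except that the LDAP provider addresses the account by its distinguished name rather than by the bare account name. It’s in the form (the CN=Users container is only an example):
[adsi]"LDAP://www.contoso.com/CN=accountname,CN=Users,DC=contoso,DC=com"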
There are two options for creating the user account object: use it one time then it’s gone, or save it as a variable.
If you’re going to do a password reset, and will not be making any other changes, you can use this simple method of creating your user object instance. Just put parentheses around the cast, so that the resulting object can be referenced and its methods called directly. It looks like this:
([adsi]"WinNT://Remote-PC/AccountName").SetPassword("Shazbot!")
After this runs, the password for the account “Accountname” on the computer “Remote-PC” is set to “Shazbot!”. There is no further reference to the object in the script.
If you know the computer name and the account name, this one-liner will set your password:
([adsi]"WinNT://<Local or Remote Computer Name>/<Username>").SetPassword("<Password>")
On the other hand, if you’re going to need to account for anything else, such as viewing or changing any other property on the account, then you should keep it as a variable. It’s very similar to the first method:
[adsi]$userVariable = "WinNT://<Local or Remote Computer Name>/<Username>"
Now you have a variable that represents the user account, and you can change the password using the same SetPassword() method used above.
$userVariable.SetPassword("Gilligan+Skipper=TrueLove4Ever")
Here’s a quick one-liner that sets all user accounts on a computer to have the same password.
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" | ForEach-Object { ([adsi]("WinNT://" + $_.Caption).Replace("\", "/")).SetPassword("FluxCapacitor!11-5-1955") }
If that seems like gibberish to you, here’s the translation:
Get the local user accounts from WMI (the LocalAccount=True filter keeps domain accounts out of the list when the computer is joined to a domain), and since we’re not done with those objects, they are passed through the pipeline. They are the input for ForEach-Object, which applies everything in the scriptblock to each individual user account. Inside the scriptblock, the current user account is referenced as “$_”. We build a string like “WinNT://computer/user” by switching the “\” in the user account’s “Caption” property to a “/” with the string method Replace. After the string is put together, [adsi] creates an ADSI reference to the real user account on the computer. The SetPassword method is called on that object, which sets the password to “FluxCapacitor!11-5-1955”. It performs that on each local user account, and then it’s done.
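One way to do the same bulk reset with a different random password per account instead of one shared literal, as an added example that is not from the original post. The function names and the Exclude parameter are hypothetical, and it assumes Windows PowerShell with Get-WmiObject and the WinNT provider as used above.

```powershell
# Added example; New-RandomPassword and Reset-LocalAccountPassword are hypothetical names.
function New-RandomPassword {
    param([int]$Length = 20)
    $chars = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-_='
    $limit = 256 - (256 % $chars.Length)   # reject bytes that would bias the modulo
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    try {
        do {
            $sb = New-Object System.Text.StringBuilder
            while ($sb.Length -lt $Length) {
                $rng.GetBytes($byte)
                if ($byte[0] -lt $limit) { [void]$sb.Append($chars[$byte[0] % $chars.Length]) }
            }
            $pw = $sb.ToString()
            # retry until lower case, upper case and a digit are all present
        } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and $pw -match '\d')
    } finally { $rng.Dispose() }
    $pw
}

function Reset-LocalAccountPassword {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string[]]$Exclude = @()            # account names to leave untouched
    )
    # LocalAccount=True keeps domain accounts out of the list on a domain-joined
    # computer; Disabled=False skips accounts that cannot log on anyway.
    $accounts = Get-WmiObject Win32_UserAccount -ComputerName $ComputerName -Filter "LocalAccount=True AND Disabled=False"
    foreach ($acct in $accounts) {
        if ($Exclude -contains $acct.Name) { continue }
        $path = 'WinNT://' + $acct.Caption.Replace('\', '/')
        if (-not $PSCmdlet.ShouldProcess($path, 'SetPassword')) { continue }
        $result = [ordered]@{ Account = $acct.Caption; Password = $null; Status = $null }
        try {
            $pw = New-RandomPassword
            ([adsi]$path).SetPassword($pw)
            $result.Password = $pw; $result.Status = 'Changed'
        } catch {
            $result.Status = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]$result
    }
}

# Dry run first: lists the accounts that would be touched without changing anything.
# Reset-LocalAccountPassword -ComputerName 'remote-pc' -Exclude 'Guest' -WhatIf
```

The returned objects carry the new passwords in clear text, so send them straight to whatever secret store you use rather than to the console or a transcript.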
PowerShell can be used to administer every facet of Windows Operating Systems. In this example we see how to easily use PowerShell to work with .NET and WMI to get a list of user accounts from the local, or the remote, system. The ability to both query WMI and take actions from .NET in the same command is just one example of the flexibility and robustness of PowerShell, and its improvements over previous ways of managing one account at a time.