Reset Expired Domain Admin Password in Azure VM
If you only have one domain admin account set up in a Windows Server domain running in an Azure VM, you might be left struggling to enter a new password when the current one expires. In this Ask the Admin, I’ll show you how to reset a domain account password using an Azure VM extension.
If, like me, you use Azure for testing, you may have come across an issue where a Windows Server domain admin password expires. There’s no way to reset it when it expires. You get the option to log in as another user but the ability to reset the password is not displayed when connecting to the virtual machine using Remote Desktop (RDP). This wouldn’t be a problem provided you have more than one domain administrator account. But in testing scenarios, it’s easy to forget that having only one domain admin account might cause you a problem in the future.
Azure includes a feature for resetting VM administrator passwords in cases where you get accidentally locked out. But it doesn’t support Windows domain controllers because Azure can only reset passwords of the local administrator account that is created when the VM is provisioned. Domain controllers don’t have a local administrator account, so there’s nothing for Azure to reset.
Create a Script to Reset the Domain Admin Account Password
The first step is to create a script to reset the domain administrator password. Open Notepad and save a file with the following command:
net user adadmin NewPassW0rd!
The above net user command will set the password for the account called adadmin. Replace adadmin with the name of your domain administrator account and NewPassW0rd! with the desired password. Save the file as passwordreset.ps1 and close Notepad.
Add the Custom Script Extension to a VM
Now that the script is prepared, we can run it on a domain controller using the Azure Custom Script Extension.
- Log in to the Azure management portal.
- In the panel of services on the left of the portal, click Virtual machines.
- In the list of virtual machines, click the VM that hosts the domain controller.
- Click Start if the VM is not already running. Wait for the VM to start.
- In the VM’s panel, click Extensions under SETTINGS.
- Click + Add to add a new extension to the VM.
- In the New resource panel, click Custom Script Extension.
- In the Custom Script Extension panel, click Create.
- In the Install extension panel, click the Browse icon to the right of the Script file field.
- Select the passwordreset.ps1 file created in the previous steps and click Open.
- Leave the Arguments field blank and click OK.
You will see a notification in the top right of the management portal to indicate that the extension has been created and successfully run. Once you receive the notification, try logging in to the domain controller using the account and password specified in the script file.
Once you’ve successfully logged in, you can remove the extension from the VM. To avoid having to repeat these steps in the future, either create a second domain admin account or set the ‘Password never expires’ flag on the domain administrator account in Active Directory Users and Computers (ADUC).
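The reset above leaves the new password in plain text inside passwordreset.ps1, so a follow-up pass on the domain controller is worth doing once you are logged in. The script below is an added example, not part of the original article: it assumes the ActiveDirectory PowerShell module is available on the DC, the default English group name Domain Admins, and the default download folder used by the Custom Script Extension on Windows.

```powershell
# Run in an elevated PowerShell session on the domain controller, after logging
# in with the password that passwordreset.ps1 set. Added example.
Import-Module ActiveDirectory

$account = 'adadmin'   # account name from the article; replace with yours

# 1. Replace the password that was stored in plain text in passwordreset.ps1.
#    Read-Host -AsSecureString keeps the new value out of files and history.
$new = Read-Host -AsSecureString -Prompt "New password for $account"
Set-ADAccountPassword -Identity $account -Reset -NewPassword $new

# 2. Delete copies of the script that the extension downloaded to the VM.
#    Assumption: default Custom Script Extension folder on Windows.
$cseRoot = 'C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension'
if (Test-Path $cseRoot) {
    Get-ChildItem -Path $cseRoot -Recurse -Filter 'passwordreset.ps1' -File |
        ForEach-Object {
            Write-Host "Removing $($_.FullName)"
            Remove-Item -LiteralPath $_.FullName -Force
        }
}

# 3. List Domain Admins with their password state, to confirm that a second
#    administrator exists and to see when each password will expire.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object {
        Get-ADUser -Identity $_.distinguishedName -Properties PasswordLastSet,
            PasswordNeverExpires, 'msDS-UserPasswordExpiryTimeComputed'
    } |
    Select-Object SamAccountName, Enabled, PasswordLastSet, PasswordNeverExpires,
        @{ Name = 'PasswordExpires'; Expression = {
            $t = $_.'msDS-UserPasswordExpiryTimeComputed'
            if ($t -eq 0) { 'must change at next logon' }
            elseif ($_.PasswordNeverExpires -or $t -eq [Int64]::MaxValue) { 'never' }
            else { [DateTime]::FromFileTime($t) }
        } } |
    Format-Table -AutoSize
```

Also delete the copy of passwordreset.ps1 that you saved from Notepad on your own machine.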
In this article, I showed you how to reset the password of a domain administrator account in an Azure VM using the Custom Script Extension.
Follow Russell on Twitter @smithrussell.