Change (not reset!) my own domain user password on command prompt

I've read about the command net user <username> <password> /domain to "change" my domain account password. But this isn't asking for my current password, and I have the impression (although nobody warned me explicitly) that it really doesn't normally change/update my password, but instead reset it. This would mean that I lose access to all encrypted things bound to my credentials, e. g. EFS.

How can I change my password for a domain account on the command line without losing crypto access? I'm looking for a full functional equivalent of the Ctrl+Alt+Delete/Change Password GUI for automation. It should also accept the current password as command line parameter if necessary.

This is for Windows 7 and a similar-aged or more current domain controller. I have local administrator privilege but not for the domain, but I imagine that it shouldn't be necessary to change my own user password.

ygoe

Posted 2016-09-07T15:13:31.570

Reputation: 1 597

@Ramhound Linux works entirely differently. It has a single text file with password hashes that are only used for logins. You can use alternative login methods like SSH keys or su and still have all your data. Windows links crypto data to your credentials and this is what gets lost when you don't properly update your password, i. e. reset it. The Powershell command mentioned below also requires the old password unless the -reset switch is specified. – ygoe – 2016-09-08T08:03:42.933

Answers

It isn't asking for your current password because probably you run command/script as yourself, so it uses your credentials.

You can use PowerShell Set-ADAccountPassword for this, if you want more powerful feature to change your password. You can also get credentials from user with Get-Credential.

You can use them after installing RSAT (Remote Server Admin Tools) and importing module through command Import-Module ActiveDirectory.

hagier

Posted 2016-09-07T15:13:31.570

Reputation: 197

The command "Set-ADAccountPassword" is not recognised. Where does it come from? – ygoe – 2016-09-08T08:01:09.977

I updated answer, let me know if you get it work. – hagier – 2016-09-08T08:44:25.443

3Oh, I wasn't looking for installing large additional frameworks for this. So I can't use it. Still looking for a simple command line solution. – ygoe – 2016-09-08T09:36:49.720

You're trying to script ActiveDirectory actions, so I assumed you're an IT administrator (RSAT is a must-have). I have no idea where you have access, so maybe take a look at this article.

– hagier – 2016-09-08T10:12:57.923

2I mentioned Windows 7 in my question and that's the machine I'm sitting at. I am not the network administrator, I just want to automate changing regular domain users' passwords, and only when logged in interactively. I'm looking for an automation equivalent of the Ctrl+Alt+Delete GUI with CMD, PS or simple Win API calls. Since this is a standard GUI to me as a user, I don't perceive this as an administrative operation. – ygoe – 2016-09-08T12:17:19.103

The answer is irrelevant with the question. The question is changing own domain password using non windows server OS (win 7), which doesn't have this CMDlet. – iroel – 2018-06-21T04:46:15.283

-1

PowerShell.exe -command "Set-ADAccountPassword -Identity “” -OldPassword (ConvertTo-SecureString -AsPlainText "" -Force) -NewPassword (ConvertTo-SecureString -AsPlainText "" -Force) -server """

Jeffrey Walker

Posted 2016-09-07T15:13:31.570

Reputation: 1

I do not get it – Pierre.Vriens – 2018-06-20T15:57:14.100