27
15
Macs work well in Windows corporate environments, but a lot of companies require you to change your password after a period of time (3 months for example).
How do you change your Windows domain password without having to boot a PC?
27
15
Macs work well in Windows corporate environments, but a lot of companies require you to change your password after a period of time (3 months for example).
How do you change your Windows domain password without having to boot a PC?
22
From the terminal:
$ smbpasswd -U username -r DOMAIN_CONTROLLER_IP
$ smbpasswd -h
When run by root:
smbpasswd [options] [username]
otherwise:
smbpasswd [options]
options:
-L local mode (must be first option)
-h print this usage message
-s use stdin for password prompt
-c smb.conf file Use the given path to the smb.conf file
-D LEVEL debug level
-r MACHINE remote machine
-U USER remote username
extra options when run by root or in local mode:
-a add user
-d disable user
-e enable user
-i interdomain trust account
-m machine trust account
-n set no password
-W use stdin ldap admin password
-w PASSWORD ldap admin password
-x delete user
-R ORDER name resolve order
9
Another suggestion is to log in to your company's Email Web Portal. Many companies are using MS Exchange which supports changing your password through your web email session. I had this exact issue with users who were not on macs, but instead would never touch a machine that was part of the Active Directory. The webmail/password change interface made this possible and it worked for several hundred users. I must admit the failure messages were quite cryptic and utterly useless. If the password change fails because your new password lacks the complexity, it will likely fail at telling you that. So just be aware of that one limitation.
Ah, I should have mentioned that I would have done that if it worked at my company. It always says it works and does nothing. Good suggestion. – Harvey – 2009-08-10T16:26:45.100
The cryptic messages definately do not accurately describe whether the password change was succeful. The biggest problems I saw were related to passwords that did not meet the length, Uppercase/Lowercase, number and symbol within the password itself. You have to choose a very complex password for this to work correctly. – Axxmasterr – 2009-08-10T16:51:10.573
I should have added that if your password change fails because of rules, the command-line approach will give you some indication of failure while (in my experience) the web method just silently fails. However, always try the web portal method first, if available. – Harvey – 2011-01-12T22:52:48.507
3
Piggybacking off of @Havey's answer (requires non-Apple Samba, macports etc.):
I never know/remember what the IP is of the domain controller, so I've created the below script to just bring up smbpasswd
to the old/new password prompt.
#!/bin/bash
USER="joe.bob"
DOMAIN="acme.com"
smbpasswd -U $USER -r `nslookup _ldap._tcp.dc._msdcs.$DOMAIN | awk '{print $2;exit;}'`
1
You can create a password boot disk with the following password live CDs:
0
smbpasswd
is no longer present in Lion or above
To bypass this, you can simply use a docker image with the right command lines (from samba-common-bin
package). This will work even for windows or linux. See related Q/A:
smbpasswd command not found on MacOS High Sierra
Using docker image from github.com/GabLeRoux/docker-debian-samba-common-bin:
docker run --rm -it gableroux/debian-samba-common-bin \
bash -c "smbpasswd -U my_activedirectory_username -r 10.x.y.z"
Alternate solution, use kpasswd
:
kpasswd user@REALM
5The
samba
package is part of the “default” Homebrew now, so you can just typebrew install samba
instead of using that URL. – bdesham – 2014-11-24T17:28:16.9773
smbpasswd
doesn't work on macOS 10.12.5, andbrew install samba
says "No available formula". Are there other options (not the web portal)? – Paaske – 2017-06-06T08:29:22.9031
If you are using macOS High Sierra (10.13.4) or Sierra you can install samba using macports https://www.macports.org/install.php, then you can use port command: port install samba3 and after that you can follow instructions described above, smbpasswd should be available.
– neosergio – 2018-05-04T16:07:17.7631Adding to my last comment, if you get this error: Can't load /opt/local/etc/samba3/smb.conf - run testparm to debug it, you need a smb.conf file, you can copy and rename the template located in /opt/local/etc/samba3, so command should be: sudo cp /opt/local/etc/samba3/smb.conf.sample /opt/local/etc/samba3/smb.conf – neosergio – 2018-05-04T16:57:30.337
I posted this here because every 3 months I forget how to do this and figure someone else might benefit from this information. – Harvey – 2009-08-10T15:59:09.197
9Unfortunately
smbpasswd
is no longer present in a clean install of Lion. – Nate – 2011-08-03T18:15:43.2803If you're running Homebrew, you may want to try running
brew install https://raw.github.com/vertis/homebrew/master/Library/Formula/samba.rb
– Pål Brattberg – 2011-10-24T09:15:53.493For Lion, you can also install samba via mac ports. It worked for me. – Gareth – 2012-01-19T17:01:25.397
DOMAIN_CONTROLLER_IP
can also be the name of the domain controller and you can know it withnet rpc info -W DOMAIN_NAME -U USERNAME
. – Vanni – 2012-09-26T09:19:25.493