If you have ever worked as a Windows administrator in a multi-domain environment, you know the pain of switching between domain controllers to reset users’ passwords. The usual tactic is to open an RDP session to a domain controller of the relevant domain and use the Active Directory Users and Computers console to reset passwords of users in that domain. This takes time and becomes hectic if you have to reset passwords of multiple users from multiple domains.
You can manage multiple domains in Active Directory Administrative Center, but that requires you to set up trusts between the domains. Detailed information can be found here. The problem can also be solved with a PowerShell script. In this tutorial, we share a PowerShell script that lets you reset or change passwords of users from multiple domains.
The best part of this script is that your system doesn’t need to be joined to any of the domains, but all required domains must be reachable from your computer. The script has some features as well as some limitations. Here is a brief overview:
Features & Requirements of Script
- Reset passwords of users in multiple domains.
- Switch between domains from same console.
- Admin credentials validation check.
- User Account validation check.
- Doesn’t need to be run on domain controllers.
- User machine need not be joined to any domain.
- If you are running this script on your client system, RSAT tools need to be installed.
- Target domain must be reachable from your system. You may need to get required ports opened at Firewall end.
- You may need to create manual DNS entries for each domain in hosts file if target domain can’t be resolved directly.
- You must have Admin Credentials for all the domains for which you want to reset passwords.
- This script doesn’t have password complexity check for new password. Make sure you enter a valid password.
How to Reset Passwords of Users from Multiple Domains using PowerShell Script?
Let’s look at how the script works in some detail. The script first asks you to enter the name of the domain that contains the target user account. It then asks for the Admin credentials used to reset the user’s password in that domain. After that, it prompts for the details of the user whose password needs to be reset. The detailed steps below explain how the script works. The script download link is available at the end of the post.
You can run the script in PowerShell as well but for the sake of simplicity and ease of access, we are going to create a shortcut to launch the script. First copy the script to a folder on your computer, then right-click in blank space and select New > Shortcut.
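The New Shortcut window will open. Copy the following command into the location bar and click Next:
powershell.exe -ExecutionPolicy Bypass -File "PathToScript\ScriptName.ps1"
Replace PathToScript\ScriptName.ps1 with the actual path of the script. -ExecutionPolicy must come before -File, because everything after the script path is passed to the script as its own arguments.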
In the next window, provide a name for the shortcut and click Finish.
The shortcut for running the script is ready, but we still need to make one change. Otherwise the script will fail to run, because by default PowerShell will run the script in the C:\Windows\System32 directory, which requires Admin privileges. So, right-click the shortcut and select Properties.
In Properties window, clear the path provided in Start in: field and click OK.
The script is ready to rock! Just double-click the shortcut we just created. The script will open in a CMD window. You don’t need to run the script with Admin privileges; it works fine with standard user rights.
It’s time to choose the domain that contains the target user. Remember, you will need Admin credentials for that domain. Enter the domain name and press Enter (you can use the full domain name or the NetBIOS name; both work fine). You will get a prompt asking for Admin credentials. Provide correct Admin credentials to continue. If you fail to provide correct credentials three times, the script will exit.
After successfully validating Admin credentials, script will continue and will ask you for the username (samAccountName) of the user whose password you want to reset.
After you provide the username, the script verifies it against the target domain. If the username is found, the script prompts for a new password for the selected user. Otherwise, it prompts 3 times for a valid username, and if none is given it exits with a warning message.
Now provide the new password for the selected user. You will need to enter the password twice. If the passwords don’t match, the script will ask you 3 times before displaying the exit choices. Once the passwords match, the script resets the password and provides options for proceeding further.
After successfully resetting the user’s password, you will be shown 3 options. You can choose any of them. Press ‘1‘ to reset another user’s password in the same domain. You will again be prompted for a username.
The second option is to press ‘2‘ to select a new domain. You will be prompted to enter the domain name.
Third option is ‘press any other key‘ to exit the script. If you press anything except ‘1‘ or ‘2‘, script will exit with a message.
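The flow described above, for a single domain and a single user, can be sketched as follows. This is an added example, not the downloadable script; the helper name Read-WithRetry is hypothetical, and the sketch assumes the RSAT ActiveDirectory module is installed and that it is saved and run as a .ps1 file.

```powershell
# Added sketch, not the downloadable script. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Read-WithRetry {
    # Hypothetical helper: runs $Attempt up to $Max times and returns
    # its first non-null result, or $null if every attempt fails.
    param([scriptblock]$Attempt, [int]$Max = 3)
    for ($i = 1; $i -le $Max; $i++) {
        $result = & $Attempt
        if ($null -ne $result) { return $result }
        Write-Warning "Attempt $i of $Max failed."
    }
    return $null
}

$domain = Read-Host 'Domain (FQDN or NetBIOS name)'

# Validate the admin credentials by binding to the target domain with them.
$cred = Read-WithRetry {
    $c = Get-Credential -Message "Admin credentials for $domain"
    try { Get-ADDomain -Server $domain -Credential $c -ErrorAction Stop | Out-Null; $c }
    catch { $null }
}
if (-not $cred) { Write-Warning 'Credential validation failed.'; return }

# Confirm the account exists before prompting for a new password.
$user = Read-WithRetry {
    $name = Read-Host 'samAccountName'
    try { Get-ADUser -Identity $name -Server $domain -Credential $cred -ErrorAction Stop }
    catch { $null }
}
if (-not $user) { Write-Warning 'User not found.'; return }

# Prompt twice; the password stays a SecureString and is only unwrapped to compare.
$newPwd = Read-WithRetry {
    $p1 = Read-Host 'New password' -AsSecureString
    $p2 = Read-Host 'Confirm password' -AsSecureString
    $a = [System.Net.NetworkCredential]::new('', $p1).Password
    $b = [System.Net.NetworkCredential]::new('', $p2).Password
    if ($a.Length -gt 0 -and $a -ceq $b) { $p1 } else { $null }
}
if (-not $newPwd) { Write-Warning 'Passwords did not match.'; return }

Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPwd -Server $domain -Credential $cred
Write-Host "Password reset for $($user.SamAccountName) in $domain."
```

Passing -Server and -Credential on every cmdlet is what lets a machine that is not joined to the domain act against it. If the new password violates the domain's password policy, Set-ADAccountPassword returns the domain controller's error rather than resetting the password.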
Simple PowerShell Utility to Reset Passwords in Multiple Domains
The tutorial above explained how the PowerShell script resets users’ passwords in multiple domains without logging in to each domain’s AD servers. This script will definitely make the lives of Windows administrators easier. If you find this script useful, make sure to share this article with your friends. Also, if you have any queries or suggestions, feel free to share them in the comments below. You can download the script from the link provided below.