Renew Active Directory User Password Without Knowing It
Today we’ll see how you can renew an Active Directory user password without knowing it. This can be very convenient when you have a service account with password expiration but don’t want to change its password for whatever reason. It can also save the day when one of your VIP users is in an emergency and needs access to his mailbox, but you can’t change the password because he doesn’t have secure AD access. There can be plenty of reasons to perform this kind of action. You can do it in PowerShell or with an Active Directory administration console.
To achieve that with PowerShell, you need the Active Directory PowerShell module.
Set-ADUser -Identity Chewbacca.Chewbacca -ChangePasswordAtLogon $true
Set-ADUser -Identity Chewbacca.Chewbacca -ChangePasswordAtLogon $false
Start the Active Directory Users & Computers console, search for a user, right-click, choose Properties, and then go to the “Account” tab:
Start the Active Directory Administration Center, search for a user, double-click, and then look for “User must change password at next log on”:
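As you can see, forcing a password change at next logon and then clearing that flag resets the “PwdLastSet” attribute to the current time: enabling the flag sets the attribute to 0, and disabling it again writes the current time. The password itself is unchanged and only its age restarts, which allows the password to be renewed without anyone but the user knowing it.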
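Because the toggle writes “PwdLastSet” without writing the password, the two attributes stop sharing a write time, and that difference can be audited. The following is an added example, not part of the original post: the function name Test-PasswordAgeReset, the 5-second tolerance and the PDC emulator default are assumptions made for illustration.

```powershell
Import-Module ActiveDirectory

function Test-PasswordAgeReset {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # Assumption: metadata is read from the PDC emulator unless another DC is given.
        [string] $Server = (Get-ADDomain).PDCEmulator,
        # Assumption: writes of one real password change land within a few seconds.
        [int] $ToleranceSeconds = 5
    )

    $user = Get-ADUser -Identity $Identity -Server $Server -Properties pwdLastSet

    # Per-attribute replication metadata: when each attribute was last written.
    $meta = Get-ADReplicationAttributeMetadata -Object $user.DistinguishedName `
                -Server $Server -Properties pwdLastSet, unicodePwd
    $ageMeta  = $meta | Where-Object AttributeName -eq 'pwdLastSet'
    $hashMeta = $meta | Where-Object AttributeName -eq 'unicodePwd'

    $finding = if (-not $ageMeta -or -not $hashMeta) {
        # Account has never had a password written, nothing to compare.
        'NoPasswordMetadata'
    } elseif ($user.pwdLastSet -eq 0) {
        # Flag is still set: the user has not chosen a new password yet.
        'ChangeAtNextLogonPending'
    } elseif (($ageMeta.LastOriginatingChangeTime -
               $hashMeta.LastOriginatingChangeTime).TotalSeconds -gt $ToleranceSeconds) {
        # pwdLastSet was written after the last password write: age was renewed only.
        'AgeResetWithoutPasswordChange'
    } else {
        'Consistent'
    }

    [pscustomobject]@{
        SamAccountName    = $user.SamAccountName
        Finding           = $finding
        PwdLastSetWrite   = $ageMeta.LastOriginatingChangeTime
        UnicodePwdWrite   = $hashMeta.LastOriginatingChangeTime
        PwdLastSetVersion = $ageMeta.Version
    }
}

# Check the account used in the commands above.
Test-PasswordAgeReset -Identity 'Chewbacca.Chewbacca'
```

Piping the output of Get-ADUser -Filter * through this function and filtering on the Finding column lists every account whose password age was renewed this way.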
Note: My test users were created by the StarWars PowerShell module.