If you have ever worked as a Windows Administrator in a multi-domain environment, you know the pain of switching between domain controllers to reset users’ passwords. Normally, IT admins connect over RDP to the respective domain controllers to reset the passwords of users in that domain. This takes time and becomes hectic if you have to reset the passwords of multiple users from multiple domains.
You can manage multiple domains in Active Directory Administrative Center, but that requires you to set up trusts between the domains. Detailed information can be found here. The problem can also be solved with a PowerShell script. In this tutorial, we are going to share with you a PowerShell script that allows you to reset or change the passwords of users from multiple domains from a single place.
Features & Requirements of Script
The best part of this script is that your system doesn’t need to be joined to any of the domains. However, all required domains must be reachable from your computer. This script has some features as well as some limitations. Here is a brief overview:
- Reset passwords of users in multiple domains.
- Switch between domains from the same console.
- Admin credentials validation check.
- User account validation check.
- Doesn’t need to be run on domain controllers.
- User machine need not be joined to any domain.
- If you are running this script on your client system, RSAT tools need to be installed.
- The target domain must be reachable from your system, so open the required ports on the firewall first.
- Create manual DNS entries for each domain in the hosts file so that the target domain resolves without problems.
- You must have Admin credentials for all the domains in which you want to reset passwords.
- This script has no password complexity check for the new password. Make sure you enter a valid password.
Reset Passwords of Users from Different Domains using PowerShell Script
Let’s discuss the functioning of the script in some detail. The script first asks the user to enter the name of the domain that contains the target user account. Then it asks for the Admin credentials used for resetting the user’s password in that domain. After that, the script prompts for the details of the user whose password needs to be reset.
Here are detailed steps explaining the functioning of the script. The script download link is available at the end of the post.
Step 1: Create Shortcut to Launch the Script
You can run the script in PowerShell as well but for the sake of simplicity and ease of access, we are going to create a shortcut to launch the script.
So, first of all, copy the script to a folder on your computer, then right-click in blank space and select New > Shortcut.
Step 2: Set Shortcut Parameters
A new shortcut window will open. Copy the following code into the location bar and click Next:
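powershell.exe -ExecutionPolicy Bypass -File "PathToScript\ScriptName.ps1"
Replace PathToScript\ScriptName.ps1 with the actual path of the script. Keep -ExecutionPolicy before -File: everything after the script path is passed to the script as its own arguments, so a policy switch placed after it is never applied by powershell.exe.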
In the next window, provide a name for the shortcut and click Finish.
Step 3: Clear ‘Start in’ Parameter of Shortcut
The shortcut for running the script is ready, but we still need to make some changes to it. Otherwise, the script will fail to run because, by default, PowerShell will run the script in the C:\Windows\System32 directory, which requires Admin privileges. To fix this, right-click the shortcut and select Properties.
In the Properties window, clear the path provided in the “Start in:” field and click OK.
Step 4: Run the PowerShell Script to Reset User Password
The script is ready to rock! Simply double-click the shortcut we just created. The script will open in the CMD window. You don’t need to run the script with admin privileges; it works fine with standard user rights.
The script will ask you to enter the domain name first. So, enter the domain name to reset the passwords of users from that domain.
Step 5: Provide the Domain Name and Admin Credentials
It’s time to enter the domain name where the target user (whose password you wish to reset) exists. Remember, you will require Admin credentials for that domain.
Enter the domain name and press Enter (you can use a full domain name or NetBIOS name, both work fine). A prompt will show up asking for Admin credentials. Provide correct Admin credentials to continue. If you fail to provide correct credentials three times, the script will exit.
Step 6: Reset User Password from Multiple Domains
After successfully validating Admin credentials, the script will continue. Next, the script will ask you for the username (samAccountName) of the user whose password you want to reset.
After you provide the username, the script will check the username in the target domain. If the script finds the username successfully, it will prompt for the new password for the selected user. Otherwise, the script will prompt 3 times for a valid username; if none is provided, it will exit with a warning message.
Now provide a new password for the selected user. You will need to enter the password twice. If passwords don’t match, the script will ask you 3 times before displaying exit choices.
After you provide a valid password, the script will reset the password of the selected user and provide options for proceeding further.
Step 7: Select Options to Proceed Further
After successfully resetting the user’s password, you will see 3 options. You can choose any of them depending on your requirement. If you want to reset the password of another user in the same domain, press ‘1’. The script will show you a prompt for providing a username.
The second option is to press ‘2’ to select a new domain. You will be prompted to enter the domain name.
The third option is ‘press any other key’ to exit the script. If you press anything except ‘1’ or ‘2’, the script will exit with a message.
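The core of Steps 5 and 6 (credential validation, user lookup, confirmed password entry, reset) can be sketched as follows. This is an added example, not the downloadable script: the function names are hypothetical, it assumes the RSAT ActiveDirectory module is installed, and it omits the Step 7 menu and the username retry loop.

```powershell
# Added example; not the script offered for download on this page.
Import-Module ActiveDirectory

function Get-ValidatedAdminCredential {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Domain, [int]$MaxTries = 3)
    for ($i = 1; $i -le $MaxTries; $i++) {
        $cred = Get-Credential -Message "Admin credentials for $Domain"
        try {
            # A successful authenticated query shows the credentials work in this domain.
            Get-ADDomain -Server $Domain -Credential $cred -ErrorAction Stop | Out-Null
            return $cred
        } catch {
            Write-Warning "Attempt $i of ${MaxTries}: could not authenticate to $Domain."
        }
    }
    throw "Credential validation failed $MaxTries times."
}

function Read-ConfirmedPassword {         # hypothetical helper name
    param([int]$MaxTries = 3)
    for ($i = 1; $i -le $MaxTries; $i++) {
        # SecureString input keeps the password off the screen and out of history.
        $first  = Read-Host -AsSecureString 'New password'
        $second = Read-Host -AsSecureString 'Confirm new password'
        # Plaintext exists only in these two locals, for the comparison.
        $a = [System.Net.NetworkCredential]::new('', $first).Password
        $b = [System.Net.NetworkCredential]::new('', $second).Password
        if ($a.Length -gt 0 -and $a -ceq $b) { return $first }
        Write-Warning "Attempt $i of ${MaxTries}: passwords are empty or do not match."
    }
    throw "Password confirmation failed $MaxTries times."
}

$domain = Read-Host 'Domain name (FQDN or NetBIOS)'
$cred   = Get-ValidatedAdminCredential -Domain $domain
$sam    = Read-Host 'samAccountName of the user'
# Get-ADUser -Identity throws if the account does not exist in the target domain.
$user   = Get-ADUser -Identity $sam -Server $domain -Credential $cred -ErrorAction Stop
$newPw  = Read-ConfirmedPassword
# -Reset sets the password without requiring the user's old one.
Set-ADAccountPassword -Identity $user -Server $domain -Credential $cred -Reset -NewPassword $newPw
Write-Host "Password reset for $($user.SamAccountName) in $domain."
```

Because every cmdlet call passes -Server and -Credential explicitly, nothing depends on the workstation's own domain membership, which is what lets the approach run from a machine that is not joined to any domain.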
Download the PowerShell Script
Click the following link to download the script.
Use PowerShell Script to Reset Passwords in Multiple Domains
The above tutorial explained the functioning of the PowerShell script to reset users’ passwords in multiple domains without logging into each domain’s AD servers. We hope this script will make the lives of Windows Administrators easier.
If you find this script useful, make sure to share this article with your friends. Also if you have any queries or suggestions, feel free to share in the comments below. You can download the script from the link provided below.