2

We have Windows 7 desktops and a Windows Server 2012R2 server. I have a user who needs to map a network drive which is on a server in a different AD domain from ours (over the WAN). I have created an account for him in AD over there, and I set it to "User must change password at next logon". How can he map the network drive?

Mapping is easy to do, ostensibly... But when he attempts to do so, Windows gives an error that he must change his password, yet it does not provide a prompt to do so.

I have no desktops in the remote domain that he can log into. Is there a way to set the password remotely? I have checked https://serverfault.com/questions/570476/how-can-a-standard-windows-user-change-their-password-from-the-command-line but I don't think the techniques given work over two separate domains. Furthermore I'm not a Powershell user :-( (I can answer your Bash questions, though! :-) )

Thanks.

Community
  • 1
Mike S
  • 1,145
  • 5
  • 22
  • 42
  • [PsPasswd](https://technet.microsoft.com/en-us/sysinternals/bb897543) might get you close, but you will need an existing administrative credential to authenticate with the domain first (how you secure *that* credential is down to you)... – jimbobmcgee Feb 18 '16 at 18:38
  • `Furthermore I'm not a Powershell user` - looks like that's about to change. :) – Ryan Ries Feb 18 '16 at 20:51

1 Answers1

1

This does not require any exotic knowledge of Powershell. All you need is to have Active Directory PowerShell Module installed and then use Set-ADAccountPassword cmdLet. Works for users with or without "must change password on next logon"

$env:userdnsdomain
blue.com
Set-ADAccountPassword -id eFudd -server someDC.green.com
Please enter the current password for 'CN=Elmer Fudd,OU=Users,DC=green,DC=com'
Password: ********
Please enter the desired password for 'CN=Elmer Fudd,OU=Users,DC=green,DC=com'
Password: ********
Repeat Password: ********
Clayton
  • 4,523
  • 17
  • 24
  • I am attempting to do this, by following the instructions here: https://blogs.msdn.microsoft.com/rkramesh/2012/01/17/how-to-add-active-directory-module-in-powershell-in-windows-7/ . Note that his screenshot is too short; I have enabled everything under "Remote Server Administration Tools" -> "Role Administration Tools" – Mike S Feb 26 '16 at 15:21
  • Looks like I need a little more knowledge that creeps toward the exotic. After following the instructions, `Set-ADAccountPassword` tells me: `Unable to contact the server. This may be because this server... does not have Active Directory Web Services running`. I'm guessing it's correct. When I initially ran the module, I got a warning: `Unable to find a default server with Active Directory Web Services running.` – Mike S Feb 26 '16 at 15:31
  • This is probably because we're running Windows Server 2003. Time to upgrade! – Mike S Feb 26 '16 at 15:34