Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Changing passwords from the command line
Changing passwords from the command line [message #157538] Wed, 08 July 2009 17:37 Go to next message
VGE  is currently offline VGE  United States
Messages: 7
Registered: July 2009
Junior Member
I have tried changing user passwords on a domain using both net user
[username] [password] and dsmod [userdn] [password] and both times I get
access is denied. The account that I am logged into is a copy of the
Administrator account. If I log in using the Administrator account the
commands work perfectly but any other account regardless of permissions
seem to get the access is denied message. Have I missed some privilege
or permission that is not copied when using the copy function in the ADS
mmc panel? Any help would be appreciated.
Re: Changing passwords from the command line [message #157554 is a reply to message #157538] Thu, 09 July 2009 02:55 Go to previous messageGo to next message
Syed Khairuddin  is currently offline Syed Khairuddin  Saudi Arabia
Messages: 77
Registered: June 2009
Member
Hello,

Are you trying this on the DC or from the client ?? Did u tried
the same thing with Active Directory Users and Computers ??
Re: Changing passwords from the command line [message #157574 is a reply to message #157538] Thu, 09 July 2009 08:25 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Please include the command you are attempting to use. Just change the name
and password so as not to expose and internal information.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"VGE" <msvge@community.nospam> wrote in message
news:%23bDTmRBAKHA.4432@TK2MSFTNGP02.phx.gbl...
>I have tried changing user passwords on a domain using both net user
>[username] [password] and dsmod [userdn] [password] and both times I get
>access is denied. The account that I am logged into is a copy of the
>Administrator account. If I log in using the Administrator account the
>commands work perfectly but any other account regardless of permissions
>seem to get the access is denied message. Have I missed some privilege or
>permission that is not copied when using the copy function in the ADS mmc
>panel? Any help would be appreciated.
Re: Changing passwords from the command line [message #157580 is a reply to message #157554] Thu, 09 July 2009 09:43 Go to previous messageGo to next message
VGE  is currently offline VGE  United States
Messages: 7
Registered: July 2009
Junior Member
Syed Khairuddin wrote:
> Hello,
>
> Are you trying this on the DC or from the client ?? Did u tried
> the same thing with Active Directory Users and Computers ??
>
Yes on the DC and as long as I am signed in as administrator I can do
all the changes even from Active Directory Users and Computers. The
problem is doing it from a copied administrator account.
Re: Changing passwords from the command line [message #157582 is a reply to message #157574] Thu, 09 July 2009 09:42 Go to previous messageGo to next message
VGE  is currently offline VGE  United States
Messages: 7
Registered: July 2009
Junior Member
Paul Bergson [MVP-DS] wrote:
> Please include the command you are attempting to use. Just change the name
> and password so as not to expose and internal information.
>
I've tried:

net user TestU ResetPass123! /domain

And:

dsmod "CN=Test User,OU=Users,DC=Domain,DC=com" -pwd ResetPass123!
Re: Changing passwords from the command line [message #157597 is a reply to message #157580] Thu, 09 July 2009 13:00 Go to previous messageGo to next message
KevinJ.SBS  is currently offline KevinJ.SBS  United States
Messages: 653
Registered: July 2009
Senior Member
VGE wrote:
> Syed Khairuddin wrote:
>> Hello,
>>
>> Are you trying this on the DC or from the client ?? Did u
>> tried the same thing with Active Directory Users and Computers ??
>>
> Yes on the DC and as long as I am signed in as administrator I can do
> all the changes even from Active Directory Users and Computers. The
> problem is doing it from a copied administrator account.

Start the command prompt with a runas administrator.

--
/kj
Re: Changing passwords from the command line [message #157606 is a reply to message #157597] Thu, 09 July 2009 15:59 Go to previous messageGo to next message
VGE  is currently offline VGE  United States
Messages: 7
Registered: July 2009
Junior Member
That would be fine if I was not incorporating it into a .NET App that
executes the commands through an SSH shell.

kj [SBS MVP] wrote:
> VGE wrote:
>> Syed Khairuddin wrote:
>>> Hello,
>>>
>>> Are you trying this on the DC or from the client ?? Did u
>>> tried the same thing with Active Directory Users and Computers ??
>>>
>> Yes on the DC and as long as I am signed in as administrator I can do
>> all the changes even from Active Directory Users and Computers. The
>> problem is doing it from a copied administrator account.
>
> Start the command prompt with a runas administrator.
>
Re: Changing passwords from the command line [message #157638 is a reply to message #157582] Fri, 10 July 2009 08:19 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
I have had problems with nltest when I specifiy a password. Make sure you
are running in an elevated command shell (If you log on as admin make sure
you did a runas admin) or UAC is disabled and try the following and see if
it makes any difference.

net user TestU * /domain

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"VGE" <msvge@community.nospam> wrote in message
news:u80kAtJAKHA.5092@TK2MSFTNGP03.phx.gbl...
> Paul Bergson [MVP-DS] wrote:
>> Please include the command you are attempting to use. Just change the
>> name and password so as not to expose and internal information.
>>
> I've tried:
>
> net user TestU ResetPass123! /domain
>
> And:
>
> dsmod "CN=Test User,OU=Users,DC=Domain,DC=com" -pwd ResetPass123!
>
Re: Changing passwords from the command line [message #159063 is a reply to message #157538] Thu, 23 July 2009 11:19 Go to previous messageGo to next message
VGE  is currently offline VGE  United States
Messages: 7
Registered: July 2009
Junior Member
To add a wrinkle. I can create an admin account, login using that
account and change users through the mmc snap-in for active directory
users and computers, however if I go to a command prompt (while logged
in as the same admin user) and use "net user" or "dsmod" then I get the
access denied error.

This indicates to me that the net user and dsmod commands use a
different set of security access rights than those of the mmc. Any input
into this discrepancy?

VGE wrote:
> I have tried changing user passwords on a domain using both net user
> [username] [password] and dsmod [userdn] [password] and both times I get
> access is denied. The account that I am logged into is a copy of the
> Administrator account. If I log in using the Administrator account the
> commands work perfectly but any other account regardless of permissions
> seem to get the access is denied message. Have I missed some privilege
> or permission that is not copied when using the copy function in the ADS
> mmc panel? Any help would be appreciated.
Re: Changing passwords from the command line [message #159105 is a reply to message #159063] Fri, 24 July 2009 08:12 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Are you running this under Windows Vista, Windows 2008 or the upcoming new
releases of these o/s's? If so are you being blocked (At the command prompt
prompt by UAC?

If you are running one of these newer o/s's:
Start / Programs / Accessories / Right Click on Command Prompt
Select "Run as Administrator"

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"VGE" <msvge@community.nospam> wrote in message
news:u4UQ9j6CKHA.4376@TK2MSFTNGP04.phx.gbl...
> To add a wrinkle. I can create an admin account, login using that account
> and change users through the mmc snap-in for active directory users and
> computers, however if I go to a command prompt (while logged in as the
> same admin user) and use "net user" or "dsmod" then I get the access
> denied error.
>
> This indicates to me that the net user and dsmod commands use a different
> set of security access rights than those of the mmc. Any input into this
> discrepancy?
>
> VGE wrote:
>> I have tried changing user passwords on a domain using both net user
>> [username] [password] and dsmod [userdn] [password] and both times I get
>> access is denied. The account that I am logged into is a copy of the
>> Administrator account. If I log in using the Administrator account the
>> commands work perfectly but any other account regardless of permissions
>> seem to get the access is denied message. Have I missed some privilege or
>> permission that is not copied when using the copy function in the ADS mmc
>> panel? Any help would be appreciated.
Re: Changing passwords from the command line [message #159298 is a reply to message #159105] Tue, 28 July 2009 09:41 Go to previous messageGo to next message
VGE  is currently offline VGE  United States
Messages: 7
Registered: July 2009
Junior Member
Paul Bergson [MVP-DS] wrote:
> Are you running this under Windows Vista, Windows 2008 or the upcoming new
> releases of these o/s's? If so are you being blocked (At the command prompt
> prompt by UAC?
>
> If you are running one of these newer o/s's:
> Start / Programs / Accessories / Right Click on Command Prompt
> Select "Run as Administrator"
>
It is Windows 2008 server. And no UAC prompt appears. Are you saying
that command prompt no longer inherits the rights of the logged in user?
If it does then this should work without needing that step since the
logged in user has the rights to manage accounts. If not then I have a
larger issue since the ultimate goal is to be able to SSH into the
machine and issue net user commands for password resets and changes.
Re: Changing passwords from the command line [message #159372 is a reply to message #159298] Wed, 29 July 2009 08:25 Go to previous message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Right click on the command prompt and then right clight on the command
prompt from the pop up menu and select runas administrator and try it again.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"VGE" <msvge@community.nospam> wrote in message
news:%23t5Hvk4DKHA.3732@TK2MSFTNGP02.phx.gbl...
> Paul Bergson [MVP-DS] wrote:
>> Are you running this under Windows Vista, Windows 2008 or the upcoming
>> new releases of these o/s's? If so are you being blocked (At the command
>> prompt prompt by UAC?
>>
>> If you are running one of these newer o/s's:
>> Start / Programs / Accessories / Right Click on Command Prompt
>> Select "Run as Administrator"
>>
> It is Windows 2008 server. And no UAC prompt appears. Are you saying that
> command prompt no longer inherits the rights of the logged in user? If it
> does then this should work without needing that step since the logged in
> user has the rights to manage accounts. If not then I have a larger issue
> since the ultimate goal is to be able to SSH into the machine and issue
> net user commands for password resets and changes.
Previous Topic:ADAM and SSL Certificates
Next Topic:AD Object Not updated
Goto Forum:
  


Current Time: Fri Oct 20 10:02:48 EDT 2017

Total time taken to generate the page: 0.05913 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software