Remko Weijnen's Blog (Remko's Blog)
About Terminal Server, Citrix, Delphi and other stuff
I needed to do a mass password change on imported accounts and decided to do this with Powershell. For some reason (maybe because I am using PowerShell 2.0) I got an unexpected error when using the Password property or the SetPassword method (RandomPassword is a function I wrote that generates Random passwords the meet the Complexity Requirements):
1 2 | $user.Password = RandomPassword $user.CommitChanges() |
The following exception occurred while retrieving member “CommitChanges”: “Logon failure: unknown user name or bad password.
I first thought that my Password Generator function created a password that didn’t meet the Complexity Requirements but settings the same password through Active Directory Users & Computers was no problem.
I also tried the SetPassword method but it has the same result. The only working way was to use the Invoke method of PSBase:
1 2 | $user.PSBase.Invoke("SetPassword", "SecretDifficultPassword2009") $user.CommitChanges() |
I also verified if using a simple password gave another error:
Exception calling “Invoke” with “2″ argument(s): “The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. (Exception from HRESULT: 0x800708C5)”
I don’t know why the Password Property and SetPassword Method do not work but I guess it’s a problem in PowerShell’s implementation of the ADSI provider. If someone has the answer please leave a comment!
Profile
Tags
.NET .NET FrameWork Active Directory Altiris Automation Manager bug Citrix datastore Dell Delphi Excel Exchange Exchange2003 Exchange2010 Hack HP iOS Java LinkedIn Linux Lync Office Office 2010 Outlook Passat Password PowerPoint PowerShell RES RNS510 SasLibEx Security Terminal Server ThinApp TSAdminEx Unattended VBS VCDS Vista Visual Basic VMWare Volkswagen Windows PE Wordpress XenApp
WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.
Views
Recent Comments
- Hayley on Query Active Directory from Excel
- Marcel on Excel 2010 multi-threaded calculation
- 3 tips to harden your XenAppRES environment | Bram Wolfs blog on The XLSploit explained
- Brittany on Patch Windows 2003 Terminal Server to allow more than 2 concurrent sessions
- David Heffernan on Returning a string from unmanaged dll to .net
Donate
Blogroll
- Andrew Morgan
- Arnout’s blog
- Assa’s Blog
- Barry Schiffer
- Delphi Praxis
- Ingmar Verheij
- Jedi Api Blog
- Jedi API Library
- Jeroen Tielen
- Kees Baggerman
Categories
- .NET (2)
- Active Directory (28)
- Altiris (36)
- Apple (3)
- Application Compatibility (10)
- Automotive (4)
- C# (5)
- C++ (2)
- Citrix (76)
- Delphi (60)
- Embedded (4)
- Exchange (16)
- General (67)
- iPhone (5)
- Java (8)
- Lync (2)
- Oracle (4)
- Other (1)
- Packaging (19)
- PowerShell (46)
- Programming (78)
- Quest (1)
- RES (6)
- script (22)
- SQL Server (10)
- Strange Error (3)
- Terminal Server (67)
- ThinApp (3)
- Unattended Installation (19)
- Uncategorized (31)
- Vista (36)
- VMWare (21)
- Windows 2003 (29)
- Windows 2008 (35)
- Windows 2008 R2 (14)
- Windows 7 (27)
- Windows 8 (2)
- Windows Internals (11)
- Windows XP (15)
Archives
- May 2013 (2)
- April 2013 (5)
- March 2013 (5)
- February 2013 (1)
- January 2013 (5)
- December 2012 (9)
- November 2012 (3)
- October 2012 (3)
- August 2012 (4)
- July 2012 (2)
- June 2012 (1)
- May 2012 (6)
- March 2012 (13)
- February 2012 (12)
- January 2012 (9)
- December 2011 (9)
- November 2011 (4)
- October 2011 (5)
- September 2011 (10)
- August 2011 (10)
- July 2011 (2)
- June 2011 (8)
- May 2011 (12)
- April 2011 (4)
- March 2011 (14)
- February 2011 (8)
- January 2011 (32)
- December 2010 (23)
- November 2010 (19)
- October 2010 (10)
- September 2010 (6)
- August 2010 (1)
- July 2010 (1)
- June 2010 (6)
- March 2010 (7)
- February 2010 (3)
- December 2009 (3)
- November 2009 (11)
- September 2009 (2)
- July 2009 (1)
- June 2009 (5)
- May 2009 (1)
- April 2009 (2)
- March 2009 (3)
- February 2009 (6)
- January 2009 (3)
- December 2008 (8)
- November 2008 (5)
- October 2008 (3)
- September 2008 (3)
- August 2008 (3)
- June 2008 (6)
- May 2008 (2)
- April 2008 (3)
- March 2008 (5)
- January 2008 (3)
- December 2007 (3)
- November 2007 (13)
- October 2007 (10)
2 Responses for "PowerShell 2.0: Changing password through ADSI problem"
to use with setpassword you may have to use
$secure_string_pwd = convertto-securestring “Password2007″ -asplaintext -force
Your Problem is the following (came across with it too)
Your Function generates Passwords. In these Passwords my be Symbols for example like “$”.
But If you save the string with $ in a variable it will replace it due to assuming there is a variable used in the string!
So dont use “Password” use ‘Password’ !!!!
It wont replace then.
have a try with :
([adsi](“WinNT://”computername/user)).SetPassword(“Pa$$w0rd”)
([adsi](“WinNT://”computername/user)).SetPassword(‘Pa$$w0rd’)
[Replace computername/user with your Credentials or via variable e.g Workstation/Thomas
Leave a reply