Windows Server

Reset user passwords with Windows Server 2003's DSMod command-line tool

Windows Server 2003 features a command-line tool for modifying the properties of Active Directory (AD) objects called DSMod.exe. This is most useful for quick user password resets and other similar tasks. The GUI interface does the same thing, but being able to change these items from the command line opens up a host of options.

Windows Server 2003 features a command-line tool for modifying the properties of Active Directory (AD) objects called DSMod.exe. This is most useful for quick user password resets and other similar tasks. The GUI interface does the same thing, but being able to change these items from the command line opens up a host of options.

Say a user forgets the password for his Windows account. You can reset his password to a given default and set the password to require a change at the next logon. Follow these steps:

1. Open a command prompt on a Windows Server 2003 machine by entering cmd.exe in the Run box.

2. To reset a user's password to the default of password, enter the following:

Dsmod user <UserDN> -pwd password -mustchpwd yes

<UserDN> specifies the user account by distinguished name, for example: CN=Jim Jones, OU=Windows Updates, DC=Microsoft, DC=com.

This tells DSMod to set the password for the user object referenced by the distinguished name to password, and to set the User Must Change Password At Next Logon value to True. This will require the user to select a new password when he logs on. When the command succeeds, a message will display on the command line that lets you know the modification was successful. This process is much faster than sifting through the AD Users And Computers snap-in to find the user.

Bonus tip: For a list of attributes and other items associated with DSMod, enter DSMod.exe ? in the Run box.

If you do not know a user's distinguished name, you can look it up using two commands: DSQuery and DSget. Enter the following command on one line to get the user's distinguished name:

DSQuery user -name Derek | DSGet user -distinguishedname

  • For more details about Windows Server 2003 command-line tools, check out this article.

Miss a column?

Check out the Windows Server 2003 archive, and catch up on the most recent tips from this newsletter.

Stay on top of the latest WS2K3 tips and tricks with our free Windows Server 2003 newsletter, delivered each Wednesday. Automatically sign up today!

About

Derek Schauland has been tinkering with Windows systems since 1997. He has supported Windows NT 4, worked phone support for an ISP, and is currently the IT Manager for a manufacturing company in Wisconsin.

4 comments
sprinkl3s
sprinkl3s

if you dont know the users DN you could pipe the dsquery right into the dsmod command, here is an example: If you wanted to change the password for smith, joe: dsquery user -name Smith*joe | dsmod user -pwd xxx -mustchpwd yes

rapell
rapell

parameter is not working on my windows 2k3 server sp1.

jacky.cheung
jacky.cheung

be sure what dsquery returns with Smith*joe is really the Smith Joe you want to modify..

Onamission
Onamission

Check your spelling..............

Editor's Picks