Ultimate Battle – Resetting User Account Password: PowerShell vs. Netwrix Password Manager

One of the most frequent tasks of an IT admin is resetting the user account passwords. This is a pretty simple and straightforward task, however if you’re managing hundreds of active users in your environment this might become a routine and time consuming process you’d want to optimize.

In this article we’ll compare the two approaches to resetting User Account Passwords:

  • Using Scripting in PowerShell
  • Using the Password Reset feature of Netwrix Password Manager

1)     Using PowerShell scripts

In his latest article ‘Managing Active Directory with PowerShell’ posted on windowsitpro.com, Darren Mar-elia describes the process of resetting the user account password in details. He suggests automating this task with the Set-ADAccountPassword cmdlet that can be used for either changing or resetting the account password: “Like the -AccountPassword parameter of the New-ADUser cmdlet, the Set-ADAccountPassword cmdlet leverages the SecureString data type for passwords, so you need to convert the plaintext passwords into secure strings.” So if one needs to reset the password for the user Anna Smith the new password should be stored as a secure string in the $pass variable. After that the following command can be run:

4

Parameters used in the command:

  • -Identity parameter (provides SAM account name for the Anna Smith)
  • -NewPassword parameter with the $pass variable (provides the new password)
  • -Reset parameter (tells the cmdlet that this is a password reset, not a password change)

If you want Anna Smith change her password at next logon you can do that by using the

3

2)     Using Netwrix Password Manager

Netwrix Password Manager is an identity management solution that is free of charge for up to 50 users. It provides two options for resetting the user account password:

  • Resetting the User Account Password through the Web-Based Help Desk Portal (allows admins reset the user passwords)

Launch the Help Desk Portal of the Netwrix Password Manager and search for the user you want to reset the password for.

1

Once the user is found, you can reset the password and specify that you want the user change the passwords at next logon.

2

  • Resetting User Account Password through the Self-Service Portal (allows users reset their passwords themselves)

Netwrix Password Manager allows users to reset passwords themselves through the Self-Service portal. In order to have this ability the user must be enrolled into the application by completing the enrollment form that contains several identity verification questions. They will be asked when the user decides to rest the password.

6

Once the form is completed the program confirms that the enrollment procedure has been finished successfully.

5

Now the user can reset the password himself and also specify if the password needs to be changed at next logon.

Verdict:

Both options are good for resetting the user account password. If you have very few users in your environment you might want to stick to the PowerShell scripting, because you would hardly be overloaded with password reset requests. But if you’re taking care of hundreds of users this will not be the best option in the long run as you’ll need to automate the password reset requests. This is where Netwrix Password Manager comes handy with its self-service password reset feature. There are some other important features you might want to consider such as:

  • Disconnected mode of operation – allows remote users who don’t have access to domain at logon time to reset password after answering verification questions
  • Auditing, security and compliance – all password resets and account unlock operations are logged in detail for security and compliance purposes
  • Alerting about account operations – e-mail alerts can be setup to notify administrators and end users about certain account operations, such as enrollments, password resets etc.