Domain Controller in Azure VM with expired password

Came across an interesting situation this morning and thought I would drop the solution I found here incase anyone else needs to figure this out.

Situation:

  • Active Driectory Domain Controller in an Azure VM
  • Your admin account has an expired password
  • RDP’ing to the machine says your password is expired and you need to set a new one, but it keeps prompting you around in the circle that you need to udpate it … but you can’t. 

The first thing you will likely try is the Reset Password option in the Azure portal. It doesnt work for Domain Controllers (this changed recently … no idea why). You get an error message that says:

VMAccess Extension does not support Domain Controller

At this point you start trying to figure out if there is another admin account you can use to log in with. In my case this as a dev/test AD box and it only had the one admin account on it.

Solution:

Before you go and delete the VM and build up a new one I found an interesting way to fix this.

You can use the azure portal and a VM extension to upload and run a script on the machine to reset the password for you. Here is how you do it.

  • Create a script called “ResetPassword.ps1”
  • Add one line to that script

net user <YouAdminUserName> <YourNewPassword>

  • Go to the VM in the azure portal
  • Go into the extensions menu for that VM
  • In the top mentu pick “Add”
  • Choose the Custom Script extension

 

  • Click Create
  • Pick your ResetPassword.ps1 script file 
  • Ok

Wait for the extension to be deployed and run. After a while you will see the status that looks something like this:

You should be set to RDP into your machine again with the new password you set in the script file.

I have no idea why the reset password functionality in Azure decided to exclude AD DCs … but if you get stuck i hope this helps.

-CJ

13 thoughts on “Domain Controller in Azure VM with expired password

  1. Pingback: Resetting a password when "reset password" doesn't work in the portal. - How to Code .NET

  2. Kevin Suter

    Thanks a lot Chris. This article solved my problem. Although I had to reactivate an account and not reset the password, the process with the extension and the PowerShell script was exactly the same. Cheers, Kevin

    Reply
  3. Pingback: MS Cloud Show – Episode 240 | New Microsoft Support for Startups along with Azure and SharePoint News - Collab365 Community

  4. Jörg Wilke

    Thanks Chris! This worked perfect for me in a desperate situation!

    Don’t forget to ask for your beer when you are in Germany (Frankfurt area)

    Regards, Jörg

    Reply
  5. RD

    Just wanted to thank you. Saved me from wiping out my whole lab. Not to mention the countless hours before getting to that point not giving up on finding a solution.

    You’re the man!

    Reply
  6. eric

    This doesn’t work for me. my script is good but it doesn’t run with admin rights on the VM and fails?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *