CHGPass: Command-Line Tool to Change Active Directory Passwords

by · Published · Updated

chgpass.exe is a Windows standalone executable tool that allows you to change the password of user/computer accounts in Active Directory (AD) via MS-SAMR protocol.

This tool can be used when you have the necessary permissions on the objects but need a simple way to set passwords using a standalone exe command line.

Use

To get the help message and list of arguments, run the following command:

Mandatory Arguments:

  • -t <target_account>
    Specify the target account whose password you want to modify. If you want to cnage the DSRM password specify **DSRM** (case sensitive) as target_account

  • -m <new_password>
    Specify the new password for the target account.

Optional Arguments:

  • -u <user>
    Specify the username for authentication (if different from the current user).

  • -p <password>
    Specify the password for authentication.

  • -d <domain>
    Specify the domain to authenticate to.

  • -c <domain_controller>
    Specify the name of the domain controller to connect to.

  • -l <server>
    Specify the name of the server to connect to.

Example Usage

To change the password of a target user target_account using an alternate account:
chgpass.exe -t target_user -m newpassword123 -u admin -p adminpassword -d mydomain.local -c dc1.mydomain.local
In this example:

  • The username for authentication is admin.
  • The password for authentication is adminpassword.
  • The domain to connect to is mydomain.local.
  • The domain controller to connect to is dc1.mydomain.local.
  • The target account target_user will have their password changed to newpassword123.

To change the password of a local account of a remote domain joined machine:
chgpass.exe -t localuser1 -m Superp@ss! -l remoteserver

To change the password of a local account of a remote domain joined machine from a non domain joined machine:
chgpass.exe -t localuser1 -m newpassword123 -u admin -p adminpassword -d mydomain.local -c dc1.mydomain.local -l remoteserver

To change the password of DSRM mode, which is the local administrator account on the Domain Controllers stored in local SAM:
chgpass.exe -t **DSRM** -m "" -u admin -p adminpassword -d mydomain.local -c dc1.mydomain.local

In this case the DSRM password will be set to empty as the password valdiation criteria are skipped 😉

Download

Tags: