Automatic change user password in AD?

Good day!
Needed automatically after a specified period of time to change the password of the user in AD (without the participation of the real user).
How to do it? Built-in AD tools do not have such functionality.
April 19th 20 at 12:09
4 answers
April 19th 20 at 12:11
The posh and securerom. Check the date the password was last set in the properties for the UZ to HELL, generte new recette the desired interval and send an email with a new pass to the user.
The posh and securerom. Check the date the password was last set in the properties for the UZ to HELL, generte new recette the desired interval and send an email with a new pass to the user.

I suspect that it is a functional user, and not real. Otherwise, he will read the letter with the new password, if access to e-mail you enter it? =) - elna.Wyman6 commented on April 19th 20 at 12:14
The letter can be sent to the administrator responsible for the service
You can also try to translate the accounts of such "functional" users in gMSA (if the service is good with this type of ULTRASOUND to work) - then the AD will independently change the password - titus commented on April 19th 20 at 12:17
@titus,
Have you worked with this type of account? I did not like this decision by the fact that somehow spike (at first glance) is configured. Are these accounts safe? Saw a domain administrator needs to configure - peter_Ro commented on April 19th 20 at 12:20
@peter_Roworked...at first also thought that the spike solution, but if you have a hard password policy help - do not bother with the change password...but there are also disadvantages: not all apps and services (even native from MS) know how to work with UZ (SharePoint, for example, do not know how); management through Powershell, etc. Technical details necessary to remember... - titus commented on April 19th 20 at 12:23
@titus, thanks. I need the service password from mailbox to change (exchange). take a look. - peter_Ro commented on April 19th 20 at 12:26
@peter_Ro, in this case, the mailbox type to shared convert or create a new...when you create a shared mailbox creates a locked user account, when preobrazovanii you can block the corresponding user for the password, not to worry, only not to forget to distribute the right to box who need. - titus commented on April 19th 20 at 12:29
@titus, sorry, the drawer requires a standard ) - peter_Ro commented on April 19th 20 at 12:32
@peter_Ro, well...the difference between a regular custom box (type Regular) and a shared mailbox (type Shared) only in that the Shared blocked the user - otherwise the behavior of the conventional box...who needs - distribute Full Mailbox Access and, at need, Send As
and MSA/gMSA with drawers not know how, they're more for services
or You account from the box somewhere else to walk? - titus commented on April 19th 20 at 12:35
@titus, just for the box - peter_Ro commented on April 19th 20 at 12:38
@peter_Ro, then convert it to Shared, the corresponding block TIES and forget the password... - titus commented on April 19th 20 at 12:41
April 19th 20 at 12:13
Generates the password and perform in PowerShell:
Set-ADAccountPassword USERNAME-Reset-NewPassword (ConvertTo-SecureString-AsPlainText “NEWPASSWORD” -Force -Verbose) –PassThru


But if you want to change the password for users, it is better to do password expiration
April 19th 20 at 12:15
May be not to change the password and require a change at next login?
When working with remote desktop with nla enabled, it's not so simple.. - rose.Herman commented on April 19th 20 at 12:18
April 19th 20 at 12:17
Update: it must be done without the participation of real users, the. the account is a service (not used by user)

Find more questions by tags Microsoft ExchangeActive Directory