Password resets through LDAP write the unicodePwd attribute. AD requires LDAPS or another protected channel, and the new password must be wrapped in quotes, encoded as UTF-16LE, then base64-encoded in LDIF.
export DC=10.10.10.200
export DOMAIN=ootw.local
export USER='student'
export PASS='student'
Generate the encoded password:
echo -n '"Welcome1!"' | iconv -f utf-8 -t utf-16le | base64 -w0
LDIF password reset:
dn: CN=svc_web,OU=Service Accounts,OU=OOTW Lab,DC=ootw,DC=local
changetype: modify
replace: unicodePwd
unicodePwd:: IgBXAGUAbABjAG8AbQBlADEAIQAiAA==
-
replace: pwdLastSet
pwdLastSet: 0
Apply over LDAPS:
LDAPTLS_REQCERT=never ldapmodify -H ldaps://$DC:636 -D "$DOMAIN\\$USER" -w "$PASS" -f reset.ldif
Validate with NetExec:
nxc ldap $DC -d OOTW -u svc_web -p 'Welcome1!'
nxc smb $DC -d OOTW -u svc_web -p 'Welcome1!'
PowerShell:
$Password = ConvertTo-SecureString 'Welcome1!' -AsPlainText -Force
Set-ADAccountPassword -Identity svc_web -Reset -NewPassword $Password
Set-ADUser -Identity svc_web -ChangePasswordAtLogon $true
$CredPassword = ConvertTo-SecureString 'student' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('OOTW\student', $CredPassword)
$NewPassword = ConvertTo-SecureString 'Welcome1!' -AsPlainText -Force
Set-DomainUserPassword -Identity svc_web -AccountPassword $NewPassword -Credential $Cred -Verbose