In my webpage I wanted to change the password of some accounts. So I got a script powershell. In this one I need to import the module Active-Directory to change the password of accounts. My server is on CentOS, so I install powershell on it. But when I do : Import-Module ActiveDirectory, the console return 'Import-Module: The specified module 'ActiveDirectory' was not loaded because no valid module file was found in any module directory.' Thanks
Asked
Active
Viewed 4,291 times
4
-
5The `ActiveDirectory` module comes with RSAT for _Windows_ - it doesn't work on CentOS – Mathias R. Jessen Apr 21 '21 at 14:10
2 Answers
4
The short answer is... you can't. The centos platform version of .net does not support the [System.DirectoryServices] types/classes yet, and I doubt they'll be migrated over soon. Powershell's ActiveDirectory module requires those to run, so this cannot currently be done in Powershell:
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
MethodInvocationException: Exception calling "GetCurrentDomain" with "0" argument(s): "System.DirectoryServices is not supported on this platform."
An alternative is using ldap commands from centos packages. Here's some examples:
# Change a password that you already know - works with almost any configuration
# You can provide the password from a file or as a parameter. By default it will prompt.
# part of package samba-common-tools
smbpasswd -U MyUsername -r ad.domain.tld
Old SMB password:
New SMB password:
Retype new SMB password:
Changing a password for an AD user when you don't know the current one is more complicated and requires a much more specific configuration on your machine, but can be done with just passwd if:
- your centos machine is joined to the domain correctly
- you are using an admin account with write permission to AD
- You have sssd configured with
chpass_provider=adin\etc\sssd\sssd.conf
passwd DOMAIN\\SomeUsername
Otherwise, the best option on linux is through python's ldap module. I'm not as familiar with it, so I'm only linking working example code from a similar question: Modifying Active Directory Passwords via ldapmodify
Cpt.Whale
- 4,784
- 1
- 10
- 16
1
I know the thread is very old but the alternative is to send invoke requests to your domain controller/other windows server.
Invoke-Command -ComputerName Server01 -Credential Domain01\User01 -ScriptBlock { Get-Culture }
Kashif Raza
- 21
- 1