<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2531 " id="quads-ad2531" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>
<h2>Active Directory Admin Password</h2>
<p>We had a security lab on Azure with 12 machines, It included 2 DCs and 10 other machines of different OS and had RDP closed on all the machines except one machine to use.</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2526 " id="quads-ad2526" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2528 " id="quads-ad2528" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2526 " id="quads-ad2526" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<p>The Password was set for something simple however it seems that someone has changed it and no one was able to access the domain controller anymore nor any of the machines.</p>
<p>I had another user created for backup but it seems that user was also changed.</p>
<p>The usual method of resetting Azure VM is going through portal or PowerShell</p>
<h2>Resetting Via Azure Portal</h2>
<p>When you try to reset the password from Azure Virtual machine itself. If the VM has Domain Controller it will fail to reset the password with the following error:</p>
<p><a href="https://portal.azure.com/#">Failed to reset RDP configuration</a></p>
<p>VM has reported a failure when processing extension &#8216;enablevmaccess&#8217;. Error message: &#8220;VMAccess Extension does not support Domain Controller.&#8221; More information on troubleshooting is available at <a href="https://aka.ms/vmextensionwindowstroubleshoot">https://aka.ms/vmextensionwindowstroubleshoot</a></p>
<p><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image.png"><img style="margin: 0px; display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb.png" alt="image" width="498" height="157" border="0" /></a> 

<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2526 " id="quads-ad2526" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>
 
</p>
<h2>Through PowerShell</h2>
<p>To reset a password, we first need to define the VM we&#8217;re working with. To do this, we can use the Get-AzureRmVm cmdlet. I&#8217;ll go ahead and assign variables to both the VM name and the resource group since we&#8217;ll need to reference those later, as well.</p>
<pre>$vmName = 'YOURVMNAMEHERE'
$resourceGroupName = 'YOURRGHERE'
$vm = Get-AzureRmVm -Name $vmName -ResourceGroupName $resourceGroupName</pre>
<h2></h2>
<p>Next, we&#8217;ll need some way to pass the username and password into the script. A great way to do that is through the Get-Credential cmdlet.</p>
<pre>$credential = Get-Credential</pre>
<p>Once the credential is saved, we can then execute the command to actually make the password change using the variables we set earlier. Notice we had to use the GetNetworkCredential() method on the pscredential object. This method will <em>not</em> work if the credential is retrieved from another computer or from another user account. This shouldn&#8217;t be a problem, though, since you&#8217;re likely to execute this in a single script.</p>
<pre>$extensionParams = @{
 'VMName' = $vmName
 'Username' = $Credential.UserName
 'Password' = $Credential.GetNetworkCredential().Password
 'ResourceGroupName' = $resourceGroupName
 'Name' = 'AdminPasswordReset'
 'Location' = $vm.Location
}

$result = Set-AzureRmVMAccessExtension @extensionParams</pre>
<p>Once this completed (hopefully successfully), the VM will need to be rebooted. We can do that by using the Restart-AzureRmVm cmdlet.</p>
<pre>$vm | Restart-AzureRmVM</pre>
<p>While this PowerShell script might work with a normal VM, It will not work with a DC and would result in the same error as in the portal.</p>
<h2>Solution</h2>
<p>The solution is to write a script which would run through the CustomScriptExtension that you can deploy from the Azure Portal on the intended VM that has the Domain Controller Deployed on it.</p>
<p>Once you get the script ready to change the administrator Password you can upload the script and deploy it.</p>
<p>Let’s get the script ready and demonstrate these steps one by one.</p>
<p>&#8211; On my Computer I will write a tiny script that will say</p>
<p><strong>Net User domainadmin Adm!nPassw0rd1</strong></p>
<p><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image-1.png"><img style="margin: 0px; display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb-1.png" alt="image" width="426" height="151" border="0" /></a></p>
<p>&#8211; Save the file on your desktop for later use. Go to Azure Portal, Virtual Machines and select your Domain Controller.</p>
<p>&#8211; Go to Extensions.</p>
<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2531 " id="quads-ad2531" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<p>&#8211; Click on Add</p>
<p><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image-2.png"><img style="display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb-2.png" alt="image" width="905" height="553" border="0" /></a></p>
<p>&#8211; Select Custom script Extension</p>
<p><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image-3.png"><img style="margin: 0px; display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb-3.png" alt="image" width="559" height="553" border="0" /></a></p>
<p>&#8211; Click Create</p>
<p>&#8211; Browse the PowerShell script on your Desktop.</p>
<p>&#8211; Select Storage Account</p>
<p>&#8211; Select an existing container or create new one</p>
<p>&#8211; Upload the file to the container</p>
<p><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image-4.png"><img style="margin: 0px; display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb-4.png" alt="image" width="1028" height="277" border="0" /></a></p>
<p><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image-5.png"><img style="display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb-5.png" alt="image" width="706" height="772" border="0" /></a></p>
<p><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image-6.png"><img style="margin: 0px; display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb-6.png" alt="image" width="359" height="276" border="0" /></a></p>
<p><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image-7.png"><img style="margin: 0px; display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb-7.png" alt="image" width="790" height="432" border="0" /></a></p>
<h2><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image-8.png"><img style="display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb-8.png" alt="image" width="1028" height="323" border="0" /></a></h2>
<h3>Result</h3>
<p>Once deployed, it’ll take few mins to reset the password and you don’t have to restart the server.</p>
<h2>Through PowerShell</h2>
<p><a href="https://www.moh10ly.com/wp-content/uploads/2020/04/image-9.png"><img style="margin: 0px; display: inline; background-image: none;" title="image" src="https://www.moh10ly.com/wp-content/uploads/2020/04/image_thumb-9.png" alt="image" width="940" height="525" border="0" /></a></p>
<p>After this I was able to access the machine again using the new password in the script.</p>
<p>ref:</p>
<p><a href="https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/features-windows#troubleshoot-vm-extensions">https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/features-windows#troubleshoot-vm-extensions</a></p>
<p><a href="https://docs.microsoft.com/en-us/azure/virtual-machines/windows/run-command">https://docs.microsoft.com/en-us/azure/virtual-machines/windows/run-command</a></p>
<p><a href="https://mcpmag.com/articles/2017/12/13/azure-vm-password-with-powershell.aspx">https://mcpmag.com/articles/2017/12/13/azure-vm-password-with-powershell.aspx</a></p>
<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2527 " id="quads-ad2527" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>

<p><a href="https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/reset-local-password-without-agent">https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/reset-local-password-without-agent</a></p>

<!-- WP QUADS Content Ad Plugin v. 2.0.94 -->
<div class="quads-location quads-ad2525 " id="quads-ad2525" style="float:none;margin:0px 3px 3px 3px;padding:0px 0px 0px 0px;" data-lazydelay="0">

</div>


Reset and manage your Active Directory users' Passwords Active Directory is one of the most…
Finding Exchange Database hidden mailboxes. Story:Maybe you have been in this situation before, trying to…
If you're using a Proxy server in your firewall or in your network and have…
Story:I got some clients that have reported some of their users being locked out and…
Delegate Permissions This is a code that I have wrote recently to check if an…
Story: I got a request from a client who constantly gets CVs and have to…
View Comments
Thank you. Saved myself from deploying a new vm and dc
You're very welcome :) Glad it helped you
Thanks a lot !
You are very welcome :)
I was able to reset the password, but when I try to connect via RDP with the new password, I can't, the following error message appears: "login attempt failed".
What is missing?
Did you try to restart the server?
Yes, I tried several times. =(
it was very useful for a test environment where all admins password expired (we forgot to remove the password gpo) and prevent us to bastion to it