skip to Main Content

In my webpage I wanted to change the password of some accounts. So I got a script powershell. In this one I need to import the module Active-Directory to change the password of accounts. My server is on CentOS, so I install powershell on it. But when I do : Import-Module ActiveDirectory, the console return ‘Import-Module: The specified module ‘ActiveDirectory’ was not loaded because no valid module file was found in any module directory.’
Thanks

2

Answers


  1. The short answer is… you can’t. The centos platform version of .net does not support the [System.DirectoryServices] types/classes yet, and I doubt they’ll be migrated over soon. Powershell’s ActiveDirectory module requires those to run, so this cannot currently be done in Powershell:

    [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    MethodInvocationException: Exception calling "GetCurrentDomain" with "0" argument(s): "System.DirectoryServices is not supported on this platform."
    

    An alternative is using ldap commands from centos packages. Here’s some examples:

    # Change a password that you already know - works with almost any configuration
    # You can provide the password from a file or as a parameter. By default it will prompt.
    # part of package samba-common-tools
    
    smbpasswd -U MyUsername -r ad.domain.tld
      Old SMB password:
      New SMB password:
      Retype new SMB password:
    

    Changing a password for an AD user when you don’t know the current one is more complicated and requires a much more specific configuration on your machine, but can be done with just passwd if:

    • your centos machine is joined to the domain correctly
    • you are using an admin account with write permission to AD
    • You have sssd configured with chpass_provider=ad in etcsssdsssd.conf
    passwd DOMAIN\SomeUsername
    

    Otherwise, the best option on linux is through python’s ldap module. I’m not as familiar with it, so I’m only linking working example code from a similar question: Modifying Active Directory Passwords via ldapmodify

    Login or Signup to reply.
  2. I know the thread is very old but the alternative is to send invoke requests to your domain controller/other windows server.

    Invoke-Command -ComputerName Server01 -Credential Domain01User01 -ScriptBlock { Get-Culture }

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search