user1781482

Reputation: 633

Change AD password for user on a different domain with PowerShell

I'm trying to change the password for a user that is on a different domain than the host where I'm doing it from. This is the example code that I have:

$domain = 'someADDomain.local'
$userName = 'SomeUser'

$oldPassword = Read-Host -AsSecureString -Prompt "Enter the account's old password"
$newPassword = Read-Host -AsSecureString -Prompt "Enter a new password"

Set-ADAccountPassword -Server $domain -Identity $userName -OldPassword $oldPassword -NewPassword $newPassword

The issue is that I'm getting "The server rejected the client credentials". The user that needs the password changed is only allowed to log in to specific servers, not the domain controller.

Is there a way to specify which server to use, in addition to the domain name?

Ref: https://social.technet.microsoft.com/Forums/en-US/bae9fa8f-f602-4533-97fe-9b2bc9bb800d/powershell-how-to-reset-domain-account-password-for-multiple-domains?forum=ITCG

Upvotes: 1

Views: 13817

Answers (1)

iRon

Reputation: 23663

The current user in the current domain apparently has no permission to change the password of the user in the other domain, meaning that you will need to provide other credentials (see -Credential) to the Set-ADAccountPassword cmdlet.

Try:

# $oldPassword is already a SecureString (read with Read-Host in the question), so it can be used directly
$Credential = New-Object System.Management.Automation.PSCredential ("$domain\$userName", $oldPassword)
Set-ADAccountPassword -Credential $Credential -Server $domain -Identity $userName -OldPassword $oldPassword -NewPassword $newPassword
#                     -----------------------

In the example I presume that the user has permission to change (its own) password, otherwise you will need to supply other credentials, e.g. domain administrator credentials of the other domain. This could just be OtherDomain\YourAccountName.

Upvotes: 4
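
On the question of naming a server: -Server accepts either a domain name or the FQDN of one specific domain controller. The following is an added example, not code from the question or the answer, that combines this with the -Credential approach above. The function name Set-OtherDomainPassword and the host name dc01.someADDomain.local are made-up placeholders, and it assumes the ActiveDirectory (RSAT) module is installed and the target DC is reachable from this host.

```powershell
# Added example (not from the original thread). Set-OtherDomainPassword is a hypothetical name.
Import-Module ActiveDirectory

function Set-OtherDomainPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Domain,      # e.g. 'someADDomain.local'
        [Parameter(Mandatory)] [string] $UserName,    # account whose password changes
        [string] $Server,                             # optional: FQDN of one specific DC
        [pscredential] $Credential                    # optional: account used to connect
    )

    if (-not $Server) {
        # No DC named: discover one for the target domain.
        # @(...)[0] copes with HostName being a single value or a collection.
        $dc = Get-ADDomainController -Discover -DomainName $Domain -ErrorAction Stop
        $Server = [string]@($dc.HostName)[0]
    }

    # Passwords stay SecureString end to end; nothing is written in plaintext.
    $oldPassword = Read-Host -AsSecureString -Prompt "Enter the account's old password"
    $newPassword = Read-Host -AsSecureString -Prompt 'Enter a new password'

    if (-not $Credential) {
        # Default from the answer: connect as the account itself with its current password.
        $Credential = New-Object System.Management.Automation.PSCredential ("$Domain\$UserName", $oldPassword)
    }

    try {
        Set-ADAccountPassword -Server $Server -Credential $Credential -Identity $UserName `
            -OldPassword $oldPassword -NewPassword $newPassword -ErrorAction Stop
        Write-Host "Password changed for $Domain\$UserName via $Server"
    }
    catch {
        # Report which DC and which connecting account were refused, then rethrow.
        Write-Warning "Change failed on $Server as $($Credential.UserName): $($_.Exception.Message)"
        throw
    }
}

# Usage: as the account itself, or with an account from the other domain
# Set-OtherDomainPassword -Domain 'someADDomain.local' -UserName 'SomeUser'
# Set-OtherDomainPassword -Domain 'someADDomain.local' -UserName 'SomeUser' `
#     -Server 'dc01.someADDomain.local' -Credential (Get-Credential)
```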
