itpro-tips/RODCClearPassword.ps1 Secret

Last active Jan 2, 2020
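# Locate the PDC emulator: the domain root's fSMORoleOwner is the DN of its NTDS Settings object
$NTDSPDCEmulator = ([ADSI]'').fsmoroleowner[0]
# The parent of the NTDS Settings object is the server object, which carries the DNS host name
$PDCEmulator = ([ADSI]"LDAP://$NTDSPDCEmulator").Parent
$PDC = ([ADSI]$PDCEmulator).DnsHostName
# Distinguished Name of the user
$userDN = "CN=xxxx,DC=yyy,DC=zzz"
Invoke-Command -ScriptBlock {
    # $using: passes the caller's variable into the remote session
    $dn = $using:userDN
    $temp = [io.path]::GetTempFileName()
    # Write the LDIF modify record; the "-" line ends the replace operation
    Set-Content -Path $temp -Value @"
dn: $dn
changetype: modify
replace: RODCPurgeAccount
RODCPurgeAccount: Null
-
"@
    # Import the record with ldifde, then delete the temporary file
    ldifde -i -f $temp
    Remove-Item -Force $temp
} -ComputerName $PDC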