Reset Forgotten Password or Create New Local Administrator in an Active Directory Domain Controller in a Virtual Machine on Azure

If you forget the password for a virtual machine on Azure, you can easily reset it or create a new local administrator account with PowerShell, as I described in one of my previous articles. But if that virtual machine happens to be an Active Directory Domain Controller (as it was for me), you are in trouble. You won't be able to reset the password or create a new local administrator using the Set-AzureRmVMAccessExtension cmdlet.

If you try to run the cmdlet, you will see an error like this saying that the VM Access Extension does not support Domain Controllers.

1-not-allowed-to-add-access-extension.PNG

And if you check the Azure Portal and open the Extensions section for the VM, you will see that provisioning failed for the Microsoft.Compute.VMAccessAgent extension.

2-removing-vm-extension.png

But there is a way around this. The workaround is to use net commands together with the Custom Script Extension for Azure Virtual Machines. Let's see how it is done; it's quite easy.

Resetting A Forgotten Password

To reset the password of a known user, add the following command to a PowerShell script and save it.

net user <existing_username> <new_password>

This resets the password of the existing user to the new password you put in the script.

Creating A New Local Administrator

To create a new Local Administrator, add the following commands to the PowerShell script and save it.

net user <new_username> <new_password> /add
net localgroup administrators <new_username> /add

This script first creates a new user with the given username and password; the /add switch tells net user to create a new account. Then the newly created user is added to the Administrators local group; here the /add switch tells net localgroup to add a new member to that group.

Creating the Custom Script Extension

Once you have created the script you need, the next step is to execute it on the Virtual Machine. To do that, log in to the Azure Portal and navigate to the Virtual Machine that is the Domain Controller. In the Extensions section, click the Add button to add a new extension.

3-add-new-custom-script-extension.PNG

In the blade, select the Custom Script Extension from the list of available extensions, then click Create to create the custom script extension.

4-upload-powershell-script.PNG

In the Install Extension blade, upload the PowerShell script we just created and click OK to install the extension. After a short while the extension will show up in the list of installed extensions.

5-custom-script-extension-success.PNG

Click on the extension to see the provisioning details and make sure the provisioning was successful. If it failed, you can see the error messages in the logs in this blade as well. If it succeeded, you can now use the newly created user to log in to your Domain Controller Virtual Machine over RDP.
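The same procedure done from the Az PowerShell module instead of the portal, as an added example that is not part of the original post. It assumes the Az module is installed and you are signed in; the resource group, VM name, location and account name are placeholders. It passes the script through the extension's protected settings so the password does not appear in the extension's public settings, and removes the one-off extension when done.

```powershell
# Added example (not from the original post): deploy the post's net-user script to a
# Domain Controller VM with the Az module (Set-AzVMExtension), keeping the password out
# of the extension's public settings. All names below are placeholders.
$ResourceGroup = 'rg-placeholder'
$VmName        = 'dc01-placeholder'
$Location      = 'westeurope'
$NewUser       = 'recovery-admin'
$NewPassword   = Read-Host -AsSecureString -Prompt 'New password (avoid " and & characters)'
$Plain = [System.Net.NetworkCredential]::new('', $NewPassword).Password

# The same two commands the post describes. Note that a Domain Controller has no local
# account database: "net user ... /add" creates a domain account, and "administrators"
# is the domain's built-in Administrators group, so this account is a domain admin.
$Script = @"
net user $NewUser "$Plain" /add
net localgroup administrators $NewUser /add
"@

# -EncodedCommand expects base64 of UTF-16LE text; this also sidesteps quoting issues
# in commandToExecute.
$Encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($Script))

# protectedSettings are encrypted for the VM and are not returned by the portal or
# Get-AzVMExtension; placing commandToExecute in -Settings would expose the password.
Set-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName -Location $Location `
    -Name 'RecoverAdmin' -Publisher 'Microsoft.Compute' -ExtensionType 'CustomScriptExtension' `
    -TypeHandlerVersion '1.10' `
    -ProtectedSettings @{ commandToExecute = "powershell -ExecutionPolicy Bypass -EncodedCommand $Encoded" }

# Confirm provisioning, then detach the extension: a one-off recovery extension should
# not stay attached to a Domain Controller. The handler keeps its status and log files
# on the VM under C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension.
(Get-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName -Name 'RecoverAdmin').ProvisioningState
Remove-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName -Name 'RecoverAdmin' -Force

# After logging in with the recovery account and repairing the original one, disable or
# delete the recovery account. Its creation is recorded in the DC Security log as event
# 4720 (user account created) and 4732 (member added to a security-enabled local group),
# which is what a monitoring rule for unexpected admin creation should alert on.
```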
