Reset Local Administrator Password of an Azure Virtual Machine using Azure PowerShell
If you have the memory of a goldfish when it comes to passwords, like me, you will definitely run into the problem of forgetting the password for a virtual machine you created on Azure. Luckily, there is a quick way to reset the local administrator password of an Azure VM using Azure PowerShell. (You can reset the password using the Azure Portal as well.)
To reset the local administrator password, you can use the Set-AzureRmVMAccessExtension PowerShell cmdlet. To use this command, you need to log in to the Azure subscription where the VM was created. You can use the following PowerShell script to reset the local administrator password.
# Login to Azure
Login-AzureRmAccount
# Setup the variables
$resourceGroupName = "<resource_group_name>"
$vmName = "<vm_name>"
$name = "ResetPassword"
$location = "<vm_location>"
# Create the credentials
$creds = Get-Credential
# Reset the password (creates the account if the username does not exist)
Set-AzureRmVMAccessExtension -ResourceGroupName $resourceGroupName -VMName $vmName -Name $name -Location $location -Credential $creds -TypeHandlerVersion "2.0"
# Logout from Azure
Logout-AzureRmAccount
Taking you through the PowerShell script: first, we log in to the Azure subscription using the Login-AzureRmAccount cmdlet. Then we set up some variables (you can type these values in directly as well; I've done this for clarity) that hold the name of the resource group containing the VM, the virtual machine name, the name of the extension we are going to add, and the location of the VM.
The next line uses the Get-Credential cmdlet, which opens a dialog box where you can enter the username and the password.
Then we can supply the PSCredential object directly as the value for the -Credential parameter of the Set-AzureRmVMAccessExtension cmdlet. Run the command to reset the password. When it's complete, the output should look something like this.
This adds a VM Access Agent extension to the virtual machine you are targeting. If you go to the Azure Portal and navigate to the Extensions blade of the VM, you can see that the Microsoft.Compute.VMAccessAgent extension has been added with the name we provided in the script.
Now, if you try to log in using the new password, you can see that you are able to log in to the virtual machine. Yay!!!
Things To Remember
A couple of things to consider when running Set-AzureRmVMAccessExtension:
- If you don't know the username and the password, or if you want to create an entirely new user, you can do that using this cmdlet. If you supply a username that does not already exist on the VM, it will create a new local administrator account with that username and assign the password you have given. If the username exists and the account is disabled, the cmdlet will reset the password and enable the account.
- You won't be able to run Set-AzureRmVMAccessExtension to create accounts or reset passwords if your virtual machine is a domain controller.
- A virtual machine can have only one VM Access Agent attached to it. So if you want to re-run the script, you have to add the -ForceRerun parameter to the command and use the same name you gave earlier as the extension name. Your command would then look something like this:
Set-AzureRmVMAccessExtension -ResourceGroupName $resourceGroupName -VMName $vmName -Name $name -Location $location -Credential $creds -TypeHandlerVersion "2.0" -ForceRerun
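Before re-running the reset, it helps to read the VM's location and the name of any VM Access Agent already attached, so you do not have to retype them from memory. The following is an added example, not part of the original script; Get-VMAccessResetPlan is a hypothetical helper name, and it assumes you have already run Login-AzureRmAccount.

```powershell
# Added example (not from the original post). Assumes an AzureRM session is
# already logged in. Get-VMAccessResetPlan is a hypothetical helper name.
function Get-VMAccessResetPlan {
    param(
        [Parameter(Mandatory = $true)][string]$ResourceGroupName,
        [Parameter(Mandatory = $true)][string]$VMName,
        [string]$DefaultName = "ResetPassword"   # name used when no agent exists yet
    )

    # Read the VM model; -ErrorAction Stop makes a mistyped name fail loudly.
    $vm = Get-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName -ErrorAction Stop

    # The VM model lists its installed extensions. The VM Access Agent appears
    # with publisher Microsoft.Compute and type VMAccessAgent.
    $existing = @($vm.Extensions | Where-Object {
        $_.Publisher -eq "Microsoft.Compute" -and
        $_.VirtualMachineExtensionType -eq "VMAccessAgent"
    })

    # Reuse the attached agent's name if there is one; otherwise use the default.
    $extName = $DefaultName
    $state   = $null
    if ($existing.Count -gt 0) {
        $extName = $existing[0].Name
        $state   = $existing[0].ProvisioningState
    }

    [pscustomobject]@{
        ResourceGroupName = $ResourceGroupName
        VMName            = $VMName
        Location          = $vm.Location          # value for -Location
        ExtensionName     = $extName              # value for -Name
        NeedsForceRerun   = ($existing.Count -gt 0)
        ProvisioningState = $state
    }
}

# Placeholders as in the script above; replace them with your own values.
$plan = Get-VMAccessResetPlan -ResourceGroupName "<resource_group_name>" -VMName "<vm_name>"
$plan | Format-List
```

If NeedsForceRerun is True, use the reported ExtensionName and Location with the -ForceRerun form of the command shown above. The same check is a quick way to see whether a password reset has ever been run against a VM through this extension.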