Have you ever taken a computer out of a domain, rebooted, and then had that sudden sinking feeling? You realize you don’t know the local administrator password! Many of us in IT have done that at least once. On an Azure VM though, no worries! Using a VM extension, you can reset that VM password in a flash.
Microsoft provides Azure VM administrators a backdoor into the administrator password reset process. You now don’t have to fret if you forget the admin password. As long as you still know your Azure portal subscription credential, you’re fine.
There are two ways to do this: through the Azure portal or PowerShell. In this article, we’ll be focusing on using PowerShell. Why? Because it’s #1 easier and #2 gives you the expertise to do this to many VMs at once in case you do something really stupid.
Prerequisites
Be sure the VM agent is installed on the Azure VM whose admin password you want to reset. You’ll also need to have the Azure PowerShell module (Install-Module -Name Az).
If you have a VM that was built via an image from the gallery, the VM agent should already be installed. But you’ll need to ensure it’s installed if you’ve uploaded your own image to Azure.
Connect to Azure
Let’s now reset an admin password on one of my Azure VMs. To do that, first, authenticate to Azure.
PS51> Connect-AzAccount
Verify VM Agent Installation
Next, find a VM and assign it to the $vm variable value. I want to be sure that the VM agent is installed before attempting this. It’s better to check for this ahead of time to catch these conditions early.
$vm = Get-AzVM -Name myvm -ResourceGroupName adbdemoresourcegroup
Now check the ProvisionVMAgent property buried under the OSProfile. This will either return True or False.
$vm.OSProfile.WindowsConfiguration.ProvisionVMAgent
Now you can attempt to reset the local administrator password using the Set-AzVMAccessExtension cmdlet. This cmdlet requires seven different parameters. To organize the parameters better, I’ll use PowerShell splatting. I’ll place all parameters first into a hashtable.
# Replace the two quoted placeholders with your own values
$extensionParams = @{
    'VMName'            = $vm.Name
    'Username'          = $vm.OSProfile.AdminUsername
    'Password'          = '<Password>'
    'ResourceGroupName' = $vm.ResourceGroupName
    'Name'              = '<AnyNameOfThisTask>'
    'Location'          = $vm.Location
}
You’ll also need to add one more parameter that takes a little more work: TypeHandlerVersion. To get its value, run the Get-AzVMExtensionImage cmdlet as shown below.
$typeParams = @{
    'PublisherName' = 'Microsoft.Compute'
    'Type'          = 'VMAccessAgent'
    'Location'      = $vm.Location
}
# Sort as [version] rather than as text so that, for example, 2.10 ranks above 2.9
$typeHandlerVersion = (Get-AzVMExtensionImage @typeParams | Sort-Object { [version]$_.Version } -Descending | Select-Object -First 1).Version
Our parameters will now look like this:
$extensionParams = @{
    'VMName'             = $vm.Name
    'Username'           = $vm.OSProfile.AdminUsername
    'Password'           = '<Password>'
    'ResourceGroupName'  = $vm.ResourceGroupName
    'Name'               = '<AnyNameOfThisTask>'
    'Location'           = $vm.Location
    'TypeHandlerVersion' = $typeHandlerVersion
}
You’ll notice that I’ve reused a few of the properties from the $vm variable I created above to save time. By doing this, you’ll only need to provide the password and a name you’d like to assign to this operation.
We can now finally call the command to make the change.
Set-AzVMAccessExtension @extensionParams
You can see that it was a success!
If you still can’t log into the VM with the new admin password, you may have to restart the VM.
$vm | Restart-AzVM
Once it comes back up, you’ll now be able to log in with your new, shiny admin password!
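The steps above, wrapped for many VMs at once, as an added example that is not the author's code. The function name Reset-VMAdminPassword and its parameters are hypothetical, and it assumes an Az.Compute version whose Set-AzVMAccessExtension accepts -Credential (a PSCredential), so the new password is prompted for instead of being stored in the script.

```powershell
# Added example: hypothetical helper, not from the original article.
# Assumption: Set-AzVMAccessExtension in the installed Az.Compute accepts -Credential.
function Reset-VMAdminPassword {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # VM objects as returned by Get-AzVM
        [Parameter(Mandatory, ValueFromPipeline)] [object[]]$VM,
        # New password as a SecureString, so it never sits in the script or history
        [Parameter(Mandatory)] [securestring]$NewPassword,
        # Any label for this extension operation
        [string]$TaskName = 'ResetAdminPassword'
    )
    process {
        foreach ($v in $VM) {
            $result = [pscustomobject]@{ VMName = $v.Name; Status = 'Skipped'; Detail = '' }
            # Same pre-check as the article: without the VM agent the extension cannot run
            if (-not $v.OSProfile.WindowsConfiguration.ProvisionVMAgent) {
                $result.Detail = 'VM agent not provisioned (or not a Windows VM)'
                $result
                continue
            }
            try {
                $image = Get-AzVMExtensionImage -PublisherName 'Microsoft.Compute' `
                    -Type 'VMAccessAgent' -Location $v.Location -ErrorAction Stop |
                    Sort-Object { [version]$_.Version } -Descending | Select-Object -First 1
                $params = @{
                    VMName             = $v.Name
                    ResourceGroupName  = $v.ResourceGroupName
                    Name               = $TaskName
                    Location           = $v.Location
                    TypeHandlerVersion = $image.Version
                    Credential         = [pscredential]::new($v.OSProfile.AdminUsername, $NewPassword)
                    ErrorAction        = 'Stop'
                }
                if ($PSCmdlet.ShouldProcess($v.Name, 'Reset local administrator password')) {
                    $null = Set-AzVMAccessExtension @params
                    $result.Status = 'Reset'
                }
            } catch {
                $result.Status = 'Failed'
                $result.Detail = $_.Exception.Message
            }
            $result   # one result object per VM, including skipped and failed ones
        }
    }
}

# Prompt once, then preview against every VM in the resource group; drop -WhatIf to apply
$secure = Read-Host -Prompt 'New admin password' -AsSecureString
Get-AzVM -ResourceGroupName adbdemoresourcegroup | Reset-VMAdminPassword -NewPassword $secure -WhatIf
```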
Summary
In this blog post, you’ve learned how to reset an Azure VM’s password using the Azure VM agent. Remember this trick the next time you forget your admin password!