I figured I could use 2 nested Command Prompt window pop-ups to run a password-changing script,
cygstart cmd /c "runas /user:DOMAIN\\USER \"powershell %cd%\\changepw.ps1\" & pause"
The changepw.ps1 script follows,
# http://serverfault.com/questions/570476/how-can-a-standard-windows-user-change-their-password-from-the-command-line
# cygstart cmd /c "runas /user:DOMAIN\\USER \"powershell %cd%\\changepw.ps1\" & pause"
param (
[string]$oldPassword = $( Read-Host "Old password"),
[string]$newPassword = $( Read-Host "New password")
)
$ADSystemInfo = New-Object -ComObject ADSystemInfo
$type = $ADSystemInfo.GetType()
$user = [ADSI] "LDAP://$($type.InvokeMember('UserName', 'GetProperty', $null, $ADSystemInfo, $null))"
try {
$user.ChangePassword($oldPassword, $newPassword)
} catch [Exception] {
# echo $_.Exception.GetType().FullName, $_.Exception.Message
echo $_.Exception | format-list -force
}
write-host "Press any key to continue..."
[void][System.Console]::ReadKey($true)