Awesome
NTLMInjector
In case you didn't now how to restore the user password after you have done a user password resset (Reminder: get the hash previous with DCSync as domain admin)
Right required: user reset password (no domain admin) Works remotely
Done using SamSetInformationUser(SAMPR_USER_INTERNAL1_INFORMATION)
Know caveat: Kerberos AES256 (and other special keys) not changed
SetNTLM
Change the password based on the user hash (or password) Bonus: bypass security policies for checking password strength
(but avoid security filter which can cause problem when synchronizing password in Enterprise environment)