
How to Reset a User Password in Active Directory with PowerShell?

In this article, we'll look at how to change (or reset) Active Directory user passwords using the PowerShell cmdlet Set-ADAccountPassword.

Most administrators usually change (reset) AD user passwords through the graphical snap-in dsa.msc (Active Directory Users & Computers). To do this, run the ADUC console, find the user account in the AD domain, right-click it and select Reset password. This is a simple and easy way to reset the password of the currently selected user.


But you won't be able to use the ADUC console to reset the passwords of multiple users or to use the password reset procedure as one of the actions in an automation script. In this case, you can reset AD passwords from the PowerShell command prompt.

Contents:

  • Using Set-ADAccountPassword to Reset User’s Password in Active Directory
  • Using PowerShell to Reset Multiple AD User Passwords

Using Set-ADAccountPassword to Reset User’s Password in Active Directory

To reset a user password in AD, the Set-ADAccountPassword cmdlet is used. It is part of the Active Directory for Windows PowerShell module (in desktop Windows versions it is part of , and in server editions it is installed as a separate component of AD DS Snap-Ins and Command-Line Tools). Before using AD cmdlets, you have to import the module into a PowerShell session:

Import-Module ActiveDirectory

To reset a user password, your account must have the corresponding privileges in the AD domain. By default, non-admin AD users cannot reset the passwords of other accounts. To allow a user or a group of users to reset other users' passwords, you have to delegate the permission to reset passwords on the AD container (Organizational Unit) or add the account to the built-in domain group Account Operators.

To verify that your account has permission to reset the password of a particular AD user, open the user's properties, go to the Security tab -> Advanced -> Effective Access -> specify the name of your account -> make sure that you have the Reset Password permission.


To reset the password for the user jliebert and set a new password [email protected], run this command:

Set-ADAccountPassword jliebert -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "[email protected]" -Force -Verbose) -PassThru


By default, the cmdlet returns the object and shows nothing in the console. To show information about the user object in AD, we use the -PassThru parameter.

You can specify the sAMAccountName (as in our case), the objectGUID, or a DN (Distinguished Name, e.g., CN=jliebert,OU=Users,DC=woshub,DC=com) as the user name.

If you don't specify the -Reset parameter when changing a user password, you have to manually enter the old and the new account passwords.

Note. When resetting the password using the Set-ADAccountPassword cmdlet you may see the following error:

Set-ADAccountPassword: The password does not meet the length, complexity, or history requirement of the domain.

It means that the user password has some complexity, length, etc. requirements defined in the or the account is subject to.

If you have enabled and you don't want passwords to be displayed in the PowerShell console as plain text, you have to convert the password into a secure string (you can read more about password security in PowerShell scripts) in the same way as when :

$NewPasswd = Read-Host "Enter a new user password" -AsSecureString


Now reset the password:

Set-ADAccountPassword jliebert -Reset -NewPassword $NewPasswd -PassThru

When resetting a password, you can force the account to be unlocked, even if it is locked (to find out which computer locks the account, read the article ):

Unlock-ADAccount -Identity jliebert

To make a user change the password at the next logon to the domain, run the following command:

Set-ADUser -Identity jliebert -ChangePasswordAtLogon $true

You can combine the password change command and the requirement to change the password (this is the object attribute) in a PowerShell one-liner:

Set-ADAccountPassword jliebert -NewPassword $NewPasswd -Reset -PassThru | Set-ADuser -ChangePasswordAtLogon $True

Using the cmdlet, you can make sure that the password has been successfully reset and display the date of the last account password change:

Get-ADUser jliebert -Properties * | select name, pass*


When a password is reset, EventID 4724 is registered in the domain controller (DC) security log. This event can help you examine .
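The following added example (not part of the original article) turns event 4724 records into rows showing who reset whose password. The function name ConvertFrom-PasswordResetEvent, the account helpdesk1 and the host dc01.example.test are assumptions, and the sample event XML is constructed for illustration.

```powershell
# Added example: parse EventID 4724 records from their XML form.
function ConvertFrom-PasswordResetEvent {
    param([Parameter(Mandatory, ValueFromPipeline)] [string] $EventXml)
    process {
        $evt = ([xml]$EventXml).Event
        # Ignore anything that is not a password reset event
        if ($evt.System['EventID'].InnerText -ne '4724') { return }
        # Collect the named <Data> fields into a lookup table
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = [datetime]$evt.System.TimeCreated.SystemTime
            DC      = $evt.System.Computer
            ResetBy = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            Target  = '{0}\{1}' -f $data.TargetDomainName, $data.TargetUserName
        }
    }
}

# Constructed sample event (values are illustrative, not from a real log)
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4724</EventID>
    <TimeCreated SystemTime="2024-01-15T10:20:30.000Z" />
    <Computer>dc01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jliebert</Data>
    <Data Name="TargetDomainName">EXAMPLE</Data>
    <Data Name="SubjectUserName">helpdesk1</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
  </EventData>
</Event>
'@
$sampleXml | ConvertFrom-PasswordResetEvent

# Against a live domain controller (requires rights to read the Security log):
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4724 } |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-PasswordResetEvent
```

Resets performed by accounts outside the group you delegated the Reset Password permission to are the rows worth reviewing first.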

Using PowerShell to Reset Multiple AD User Passwords

Above we have shown how to reset the password of a single AD user from the PowerShell console. Let's consider another scenario, when you need to change the passwords of several users at once.

The simplest case is when you have to reset the passwords of users with the same AD account properties. For example, you need to change the passwords of all Sales department users to the same one and make them change it at the next logon:

Get-ADUser -Filter "department -eq 'Sales Dept' -and enabled -eq 'True'" | Set-ADAccountPassword -NewPassword $NewPasswd -Reset -PassThru | Set-ADUser -ChangePasswordAtLogon $True

Let's consider another case. Suppose you have a CSV / Excel file that contains a list of users whose passwords you want to reset, with a unique password for each user. Here is the format of the customers.csv file:

sAMAccountName;NewPassword
acidicjustine;Pa$$w0r1
josephomoore;N$isory01
simonecole;[email protected]!2

Using this PowerShell script, you can reset the password of each account in the specified CSV file:

Import-Csv customers.csv -Delimiter ";" | ForEach-Object { Set-ADAccountPassword -Identity $_.sAMAccountName -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $_.NewPassword -Force) -PassThru | Set-ADUser -ChangePasswordAtLogon $false }

After this code is executed, a new unique password will be set for all AD users in the file.
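The same CSV reset with per-row validation, error capture and -WhatIf support, as an added example that is not part of the original article. The function name Reset-AdPasswordFromCsv and the sample rows are assumptions; unlike the script above, it sets -ChangePasswordAtLogon $true because the passwords in the file are stored in plain text.

```powershell
# Added example: bulk reset that reports one result object per CSV row.
function Reset-AdPasswordFromCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Objects with sAMAccountName and NewPassword properties
        [Parameter(Mandatory)] [object[]] $Rows
    )
    foreach ($row in $Rows) {
        $result = [pscustomobject]@{ User = $row.sAMAccountName; Status = 'Skipped'; Detail = '' }
        if ([string]::IsNullOrWhiteSpace($row.sAMAccountName) -or
            [string]::IsNullOrWhiteSpace($row.NewPassword)) {
            $result.Detail = 'Empty account name or password in CSV row'
            $result; continue
        }
        if ($PSCmdlet.ShouldProcess($row.sAMAccountName, 'Reset password')) {
            try {
                $secure = ConvertTo-SecureString -AsPlainText $row.NewPassword -Force
                Set-ADAccountPassword -Identity $row.sAMAccountName -Reset -NewPassword $secure -ErrorAction Stop
                # Assumption: force a change at next logon, since the CSV holds the password
                Set-ADUser -Identity $row.sAMAccountName -ChangePasswordAtLogon $true -ErrorAction Stop
                $result.Status = 'Reset'
            } catch {
                # For example the length/complexity/history error, or an unknown account
                $result.Status = 'Failed'
                $result.Detail = $_.Exception.Message
            }
        } else {
            $result.Detail = 'Not executed (WhatIf or declined)'
        }
        $result
    }
}

# Constructed sample rows in the article's file format (second row is deliberately invalid)
$sample = @'
sAMAccountName;NewPassword
testuser1;Constructed-Example-1!
;Constructed-Example-2!
'@ | ConvertFrom-Csv -Delimiter ';'

# Dry run: no AD cmdlet is called, so this works without a domain
Reset-AdPasswordFromCsv -Rows $sample -WhatIf

# Real run against the article's file:
# Reset-AdPasswordFromCsv -Rows (Import-Csv customers.csv -Delimiter ';')
```

Delete the CSV file once the run is finished, as it contains every new password in readable form.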
