In this post, you will learn how to reset a user password in Active Directory.
There are multiple options for resetting a user’s password, they are:
- Option 1. Active Directory Users and Computers Console (ADUC)
- Option 2. PowerShell
- Option 3. User Unlock and Reset Tool
Lets get started.
Option 1. Reset Password using Active Directory Users and Computers Console (ADUC)
This option requires remote server administration tools (RSAT) installed on your local computer or a server. You can reset passwords from the domain controller (server running Active Directory) but it is not the preferred option.
Step 1. Open ADUC
ADUC is located in the Windows Administrative Tools folder. I like to pin this program to the taskbar for quick access.
Step 2. Find the User Account
You can browse the directory or search for the locked user account.
In this example, I’m going to search for the account Adam.Reed.
Click the Search Icon.
Enter the user’s name. You can enter the first name, last name, both, or the logon name to find the account.
Click Find Now.
Step 3. Reset Password
The last step is to right click the account and select “Reset Password”
Tip: The Reset Password box will show you if the account is locked out.
Enter the new password, and confirm the password.
If you want to require the user to change their password at the next logon then check the box “User must change password at next logon”
You will get a confirmation message.
That’s it for option 1. In the next section, I’ll show you how to reset passwords with PowerShell.
Option 2. Reset User Password with PowerShell
Use this command to reset a user’s password with PowerShell. You will need the user’s logon name to identify the account to reset.
Set-ADAccountPassword -Identity adam.reed -reset
You will be prompted to enter a new password.
To require the user to change the password at the next logon use this command.
Set-ADUser -Identity adam.reed -ChangePasswordAtLogon $true
To verify the password has been reset use this command.
Get-ADUser adam.reed -Properties * | select name, pass*
The above command will show the user’s PasswordLastSet date.
Option 3. User Unlock and Reset Tool
This last option uses the unlock tool from the AD Pro Toolkit. Currently, this tool will only reset passwords if the account is locked. We will be added a feature in an upcoming release that allows to reset passwords for any user.
Step 1. Open the AD Pro Toolkit.
Open the toolkit and click on “User Unlock”.
Step 2. Click Run
Click the run button to find all locked user accounts.
To reset the user’s password select the account and click the PW Reset Button.
Next, you can randomly generate a password by clicking the generate button.
Or you can manually enter a password.
Optionally, you can select “User must change password” if you require the user to change password at the next logon.
Click “reset password” button to change the user’s password.
Next, you will need to unlock the user’s accounts.
Again, you can only reset the password for locked user accounts. I will be creating a standalone tool that allows to reset passwords for any user account.
The AD Pro Tool also includes several password status reports.
For example, to get the password expiration date for all users run the “Password expiration date” report.
These reports come in useful for auditing user passwords and meeting security requirements.
In this article, I showed you three options on how to reset a user password in Active Directory. I recommend you try out all three options and see which one works best for you. If you have questions or a comment please post them below.