The Reset-UserPassword cmdlet resets an AD user's password.

Note: The password cannot be reset for an AD user that is being synced with the ADSync Service.

This cmdlet supports risk-mitigation parameters.

Input parameters

| # | Parameter | Type | Mandatory (R/O) | Description | Restrictions/Valid Values |
|---|-----------|------|-----------------|-------------|---------------------------|
| 1 | Authentication Information (all parameters) | | | | |
| 2 | NewPassword | SecureString | R | New password | According to Users' Password Policy |
| 3 | Identity (aliases: GUID, DistinguishedName) | ADObjectIDParameter | O* | A property that is used for managing the user | Value of one of these parameters can be used as Identity: (1) GUID: Globally Unique Identifier (ObjectGuid); (2) DistinguishedName: Unique name of the object in Active Directory |
| 4 | OriginatingServer | string | O | Address of the server (domain name) where the object physically exists. Note: It is recommended to use this parameter as input to guarantee execution of the operation with actual data. To get this parameter, use the Get-User cmdlet. | Max length is 255 symbols |
| 5 | UserPrincipalName | string | O* | Primary Email address (Login) | Max length is 1024 symbols |

Note: O* - the request must contain at least one of these parameters (Identity, UserPrincipalName) or both of them. If both parameters are specified, Identity takes priority.

Output parameters 

No parameters

Example of using the Reset-UserPassword cmdlet

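$password = Read-Host -AsSecureString   # prompt for the new password; input is masked and never stored as plain text
Reset-UserPassword -Identity "347A94AF-D66F-41E4-998E-655E4A3E6937" -NewPassword $password   # pass the SecureString read above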
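
The following wrapper is an added example, not code from the cmdlet's vendor or from the original page. It enforces the O* rule, resolves OriginatingServer through Get-User as the note for that parameter recommends, and supports a dry run through PowerShell's own -WhatIf. Assumptions: the function name Reset-UserPasswordSafely is hypothetical, Get-User is assumed to accept the same Identity/UserPrincipalName parameters and to return an object with an OriginatingServer property, and the Authentication Information parameters are omitted as in the example above.

```powershell
# Added example (not vendor code). Lines marked ASSUMPTION are not confirmed by the page.
function Reset-UserPasswordSafely {            # hypothetical wrapper name
    [CmdletBinding(SupportsShouldProcess)]     # gives the wrapper -WhatIf / -Confirm
    param(
        [string]$Identity,                     # GUID or DistinguishedName
        [ValidateLength(1, 1024)]              # page: max length is 1024 symbols
        [string]$UserPrincipalName,
        [Parameter(Mandatory)]
        [securestring]$NewPassword             # never accept the password as plain text
    )

    # O* rule from the page: at least one of Identity / UserPrincipalName is required.
    if (-not $Identity -and -not $UserPrincipalName) {
        throw 'Specify -Identity, -UserPrincipalName, or both.'
    }

    # Pass through whatever the caller supplied; per the page, Identity
    # takes priority when both are present.
    $target = @{}
    if ($Identity)          { $target.Identity = $Identity }
    if ($UserPrincipalName) { $target.UserPrincipalName = $UserPrincipalName }

    # ASSUMPTION: Get-User accepts the same identifying parameters and its
    # result exposes an OriginatingServer property.
    $user   = Get-User @target
    $server = $user.OriginatingServer
    if (-not $server) {
        throw 'Get-User did not return OriginatingServer; refusing to reset.'
    }
    if ($server.Length -gt 255) {              # page: max length is 255 symbols
        throw 'OriginatingServer exceeds 255 symbols.'
    }

    # Describe the target for the -WhatIf / -Confirm message.
    $label = if ($Identity) { $Identity } else { $UserPrincipalName }
    if ($PSCmdlet.ShouldProcess("$label on $server", 'Reset password')) {
        Reset-UserPassword @target -OriginatingServer $server -NewPassword $NewPassword
    }
}

# Dry run first: prints the "What if:" line and does not change the password.
$password = Read-Host -AsSecureString -Prompt 'New password'
Reset-UserPasswordSafely -Identity '347A94AF-D66F-41E4-998E-655E4A3E6937' -NewPassword $password -WhatIf
```

Remove -WhatIf to perform the reset once the reported target and server are the ones intended.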