0
0
PowershellHow-ToBeginner · 3 min read

How to Reset Active Directory Password Using PowerShell

To reset an Active Directory password using PowerShell, use the Set-ADAccountPassword cmdlet with the -Identity and -NewPassword parameters. You can also unlock the account with Unlock-ADAccount if needed. This requires the Active Directory module and appropriate permissions.
📐

Syntax

The basic syntax to reset an AD user password is:

  • Set-ADAccountPassword: The cmdlet to change the password.
  • -Identity: Specifies the user account by username, distinguished name, or GUID.
  • -NewPassword: The new password as a secure string.
  • -Reset: Indicates a password reset (not a change).

Optionally, use Unlock-ADAccount to unlock the user account after resetting the password.

powershell
Set-ADAccountPassword -Identity <UserName> -NewPassword (ConvertTo-SecureString -AsPlainText "NewPass123!" -Force) -Reset
Unlock-ADAccount -Identity <UserName>
💻

Example

This example resets the password for user jdoe to NewPass123! and unlocks the account if locked.

powershell
Import-Module ActiveDirectory

Set-ADAccountPassword -Identity jdoe -NewPassword (ConvertTo-SecureString -AsPlainText "NewPass123!" -Force) -Reset
Unlock-ADAccount -Identity jdoe

Write-Output "Password reset and account unlocked for user jdoe."
Output
Password reset and account unlocked for user jdoe.
⚠️

Common Pitfalls

  • Not running PowerShell as a user with permission to reset passwords in AD.
  • Forgetting to convert the new password to a secure string using ConvertTo-SecureString.
  • Using Set-ADAccountPassword without the -Reset flag when you mean to reset the password.
  • Not importing the Active Directory module before running the commands.
  • Ignoring account lockout status; you may need to unlock the account separately.
powershell
## Wrong way (missing secure string conversion)
Set-ADAccountPassword -Identity jdoe -NewPassword "NewPass123!" -Reset

## Right way
Set-ADAccountPassword -Identity jdoe -NewPassword (ConvertTo-SecureString -AsPlainText "NewPass123!" -Force) -Reset
📊

Quick Reference

Remember these key points when resetting AD passwords with PowerShell:

  • Always import the Active Directory module: Import-Module ActiveDirectory
  • Use ConvertTo-SecureString to create a secure password object.
  • Use -Reset flag to reset (not change) the password.
  • Unlock the account if locked with Unlock-ADAccount.
  • Run PowerShell as an admin or with delegated rights.

Key Takeaways

Use Set-ADAccountPassword with -Reset and a secure string to reset AD passwords.
Always convert the new password to a secure string using ConvertTo-SecureString.
Import the Active Directory module before running AD commands.
Unlock the user account separately if it is locked using Unlock-ADAccount.
Run PowerShell with appropriate permissions to reset passwords successfully.

Related by keyword

PowerShell Script to Reset Password EasilyPowerShell System ProgramsPowerShell 5 vs PowerShell 7: Key Differences and When to Use EachGetting StartedHow to Create Directory in PowerShell: Simple GuideFile OperationsHow to Install PowerShell: Step-by-Step GuideGetting StartedHow to Open PowerShell Quickly and EasilyGetting Started

Up next

How to Use Invoke-Command in PowerShell: Syntax and ExamplesHow to Use Remote PowerShell: Syntax and ExamplesHow to Fix Access Denied Error in PowerShell QuicklyHow to Fix 'Command Not Found' Error in PowerShell

More in Active Directory

How to Add User to AD Group with PowerShellHow to Create an AD User with PowerShell QuicklyHow to Disable an Active Directory Account Using PowerShellHow to Get AD Computer Information Using PowerShell