Home » PowerShell » Set-AdAccountPassword – Reset Active Directory Password

Set-AdAccountPassword – Reset Active Directory Password

Set-AdAccountPassword cmdlet in PowerShell reset the active directory account password. It sets or modifies the password for a user, computer, or service account.

To change the active directory user password, you can use the Get-AdUser cmdlet to retrieve the aduser object and pass it through the pipeline to the Set-AdAccountPassword to set the user password in AD.

To reset the active directory computer password, you can use the Get-AdComputer cmdlet to find the computer object and pass it through the pipeline to the Set-AdAccountPassword to reset the computer password in AD.

Similarly, to modify the service account password, use the Get-AdServiceAccount cmdlet to retrieve the service account object and pass it through the pipeline to the Set-AdAccountPassword to change the service account password in AD.

In this article, we will discuss how to use the Set-AdAccountPassword to reset the active directory user, computer, or service account password.

Set-AdAccountPassword

Set-AdAccountPassword modifies the active directory account password.

Syntax

Set-ADAccountPassword
   [-WhatIf]
   [-Confirm]
   [-AuthType <ADAuthType>]
   [-Credential <PSCredential>]
   [-Identity] <ADAccount>
   [-NewPassword <SecureString>]
   [-OldPassword <SecureString>]
   [-Partition <String>]
   [-PassThru]
   [-Reset]
   [-Server <String>]
   [<CommonParameters>]

Parameters

-Identity: Specifies the active directory account to modify. You can use distinguished name, GUID, security identifier (SID), or SAMAccountname to identify the active directory account.

-NewPassword: Specifies a new password value to set for the active directory account. It is stored as an encrypted string.

-OldPassword: Specifies old or most recent password value. It is processed as an encrypted string.

-Server: Specifies the Active Directory Services instance to connect to.

Reset Active Directory User Password

You can reset the active directory user password using the Set-AdAccountPassword command.

Use the distinguished name of the aduser account to set the password for the user using Set-AdAccountPassword.

Set-ADAccountPassword -Identity 'CN=Gary Waugh,OU=SALES,DC=SHELLPRO,DC=LOCAL' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "[email protected]@1" -Force)

In the above PowerShell script, the Set-AdAccountPassword command uses the Identity parameter to specify a distinguished name for the aduser account.

It uses the Reset parameter to change the user password by providing the new password. It stores the new password as an encrypted string.

The output of the above script in Powershell sets the user password without the old password.

PowerShell Reset User Password using Set-AdAccountPassword

In PowerShell to set the user password, you can retrieve the aduser using the Get-AdUser cmdlet and pass it through the pipeline to the Set-AdAccountPassword to reset the user password.

# Get the aduser object using the Get-AdUser cmdlet
$aduser =Get-AdUser -Identity 'CN=Gary Waugh,OU=SALES,DC=SHELLPRO,DC=LOCAL'

# Reset aduser password using the Set-AdAccountPassword

Set-ADAccountPassword $aduser -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "[email protected]@1" -Force)

In the above PowerShell script, the Get-AdUser cmdlet uses the Identity parameter to specify the distinguished name and retrieve the aduser object.

The Set-AdAccountPassword uses the aduser object and uses the Reset parameter to modify the user password with a new password.

Reset Multiple AdUsers Password in PowerShell

You can use the Get-AdUser cmdlet in PowerShell to get multiple adusers based on specified search criteria and pass it through the pipeline to the Set-AdAccountPassword command to set the password for multiple adusers in Active Directory.

get-aduser -filter "department -eq 'Human Resource' -AND enabled -eq 'True'" | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "[email protected]" -Force)

In the above PowerShell script, the Get-AdUser cmdlet uses the Filter parameter to search for the user from the Human Resource department and has enabled status.

It passes aduser objects to the Set-AdAccountPassword to reset the user password.

PowerShell Reset User Password
PowerShell Reset User Password

Fix for Set-AdAccountPassword: Access is Denied

While trying to reset the active directory account password using the Set-AdAccountPassword command, gets the access denied error as given below.

PS C:\> Set-ADAccountPassword -Identity 'CN=Gary Waugh,OU=SALES,DC=SHELLPRO,DC=LOCAL' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "[email protected]" -Force)
Set-ADAccountPassword : Access is denied
At line:1 char:1
+ Set-ADAccountPassword -Identity 'CN=Gary Waugh,OU=SALES,DC=SHELLPRO,D ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (CN=Gary Waugh,O...ELLPRO,DC=LOCAL:ADAccount) [Set-ADAc
   countPassword], UnauthorizedAccessException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.UnauthorizedAccessException,Microsoft.Active
   Directory.Management.Commands.SetADAccountPassword

PS C:\>

The solution to fix the Set-AdAccountPassword: Access Denied issue is to open the PowerShell terminal with the Run as Administrator option.

You might be using the admin domain account however you need to open the PowerShell terminal with the administrator rights to execute the command.

FAQ

Set-AdAccountPassword is not found – recognized as the name of a cmdlet


If the active directory module is not installed or not imported, while running the Set-AdAccountPassword cmdlet to set the user password in PowerShell, it throws the error “Set-AdAccountPassword : The term 'Set-AdAccountPassword' is not recognized as the name of a cmdlet, function,

Install the Active Directory module and import it.

Conclusion

I hope the above article on how to use the Set-AdAccountPassword to modify the active directory account password is helpful to you.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

Leave a Comment