Home » Technology How-to Guides » Windows Server How-to Guides

How to Reset Password in Active Directory

Photo of author

By Victor Ashiedu

Published

Do you want to know various ways to reset the password of Active Directory objects? This guide teaches you how to reset a user’s and passwords for common AD objects.

How To Reset User Password In Active Directory

Active Directory has numerous tools you can use to reset user account passwords. This section shows you how to reset user passwords with Active Directory Users and Computers.

In addition to that, there is also a subsection with steps to perform the same task with Active Directory Administrative Center and another with steps for ADSI Edit.

Finally, if you love commands, you’ll love the two subsections that show you how to reset a user Active Directory account password with Command Prompt and PowerShell.

Option 1: Reset User Password with Active Directory Users and Computers

  1. Open Active Directory Users and Computers (ADUC).
If you installed RSAT for Active Directory and your PC is a member of a Windows domain, you should be able to open Active Directory Users and Computers from your Windows 10 or Windows 11 PC.
  1. When ADUC opens, search for the user you want to reset its password. To open the search field in ADUC, right-click the domain name and select Find.
Reset User Active Directory Password With Active Directory Users and Computers
  1. Then, right-click the user and select Reset Password.
  1. Finally, to reset a user’s Active Directory password with Active Directory Users and Computers, enter and re-enter the new password and click OK.
The Reset Password window checks the “User must change password at next logon” checkbox by default. If you do not want AD to force the user to change password at next logon, uncheck this box. Additionally, if the user’s account has been locked out, check the “Unlock the user’s account” checkbox before you reset the account.
Reset User Active Directory Password With Active Directory Users and Computers

Option 2: Reset User Password with Active Directory Administrative Center

  1. Open Active Directory Administrative Center (ADAC). Like ADUC, if you installed RSAT for Active Directory, you can open ADAC from your Windows 10/11 PC.
  2. When ADAC opens, locate the user you want to reset its password and select it (left-click the user once). Then, on the right pane, click Reset password.
Reset User Active Directory Password With Active Directory Administrative Center
  1. Finally, on the Reset Password pop-up, enter and re-enter the new password and click OK.
Uncheck the “User must change password at next logon” checkbox if you do not want to force the user to change password when the user logs on next time. Additionally, check the “Unlock account” checkbox if the user’s account is locked and you wish to unlock it.
reset password in active directory

Option 3: Reset User Password with ADSI Edit

  1. Open ADSI Edit. If it is the first time you’ve opened the tool, right-click ADSI Edit and select connect.
  2. Then, locate the container the user is located. In this example, the user I want to reset its password is located in an OU called Writers.
  3. Next, left-click the user once. Then, on the right pane, click More Actions under the user’s name and select Reset Password.
Alternatively, right-click the user’s CN name and select Reset Password – see the second screenshot below.
  1. Finally, to reset a user’s AD account password with ADSI Edit, enter and reenter the new password and click OK on the Reset Password pop-up window.
Resetting a user’s Active Directory account password with ADSI Edit has a major limitation. One, it does not give you the option to force the user to change password at the next logon. In addition to that, also, it does not have the option to unlock the user’s account if it is locked out.
reset a user password in active directory with ADSI Edit

Option 4: Reset User Password with Command Prompt (Net User Command)

  1. Open Command Prompt as administrator. Then, enter a command like the one below and press the enter key.
Replace “ARaj” with the Active Directory logon name of the user you want to reset its password. Furthermore, instead of entering the new password in the command, I entered asterisks (*). Entering asterisks makes the command prompt me to enter the password.
Net user /domain ARaj *
  1. When the command prompt asks you to enter a new password, type it – the prompt will not display what you’re typing.
Reset User Active Directory Password With Command Prompt (Net User Command)
  1. After typing the password, press the enter key on your keyboard. Command Prompt will request you to re-enter the password.
  2. Re-enter the same password and press the enter key.
You can replace the asterisks (*) in the command with the new password you want to set for the user account.

Option 5: Reset User Password with PowerShell

  1. Open PowerShell as administrator. Then, run the command below to save the user’s DistinguishedName in the $dn.
You need the user’s DistinguishedName to reset their password. Change “victor ashiedu” to the name of the user you want to reset the password. 
$dn = (Get-ADObject -Filter {Name -eq 'victor ashiedu'}).DistinguishedName
  1. Then, to reset a user’s AD Password with PowerShell, run the command below.
Change the strings next to the -AsPlainText parameter of the ConvertTo-SecureString cmdlet – p@ssw0rd. This is the password I used for this example. You can change the password you wish to set for the account. 
Set-ADAccountPassword -Identity $dn -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)
If you want to force the user to change password at next logon, run the first command below. Additionally, to unlock the AD user account (if it was locked out), run the second command below. 
Set-ADUser -Identity $dn -ChangePasswordAtLogon $true
Unlock-ADAccount -Identity $dn

How To Reset Computer Active Directory Password

In the last section, I showed you how to reset Active Directory password for a user account. You can also reset password for an AD computer object.

This section discusses two methods to reset the password of a computer account in AD.

Option 1: Reset Computer Active Directory Password With ADSI Edit

  1. Open ADSI Edit and locate the computer you want to reset its password.
  2. Then, right-clck the computer object and select Reset Password
  1. Finally, on the Reset Password pop-up, enter the new password, then, re-enter then same password and click OK.

Option 2: Reset Computer Active Directory Password with PowerShell

  1. Open PowerShell as administrator.
  2. Then, on the PowerShell prompt, to reset the password for the local computer, run the command below. 
Reset-ComputerMachinePassword

Alternatively, to reset the account of a remote computer, run these commands instead. 

$cred = Get-Credential
Invoke-Command -ComputerName "Server01" -ScriptBlock {Reset-ComputerMachinePassword -Credential $using:cred}
The first command will prompt you for a user name and password and save the information you entered in the $cred variable. Then, the second command uses the Invoke-Command command to remotely connect to a computer called “Server01” to reset the computer’s AD password.

How To Reset Group Managed Service Account Password

You can also use ADSI Edit and PowerShell to reset the password of a group Managed Service Account.

Option 1: Reset Group Managed Service Account (gMSA) Password with ADSI Edit

  1. Open ADSI Edit and locate the Managed Service Account you want to reset its password. Then, locate the MSA, right-click it and select Reset Password.
How To Reset Group Managed Service Account Password With ADSI Edit
  1. Finally, on the Reset Password pop-up, enter the new password for the Managed Service Account. Then, re-enter the same password and click OK.

Option 2: Reset Group Single Managed Service Account (sMSA) Password with PowerShell

You cannot use the method discussed in this subsection to reset password for Group Managed Service Account (gMSA). You can only use the method to reset password for a Single Managed Service Account (sMSA). In addition to that, you must first install the sMSA on the computer you run the command in this subsection
  1. Open PowerShell as administrator.
  2. Then, run the Reset-ADServiceAccountPassword command to reset the password of the Single Managed Service Account (sMSA).
Replace “SinglMSA01” with the name of the Single Managed Service Account you want to reset its password. Furthermore, if you hadn’t previously installed the sMSA on the computer you’re running the second command, run the first command to install it. 
Install-ADServiceAccount -Identity SinglMSA01
Reset-ADServiceAccountPassword -Identity SinglMSA01

Frequently Asked Questions

1. How do I reset a user in Active Directory?

The easiest way to reset a user’s password in Active Directory is from Active Directory Users and Computers (ADUC). To do this open ADUC and locate the user.

You can search for a user by right-clicking the domain name in ADUC and selecting Find.

Once you find the user, to reset its password, right-click the user and select Reset Password.

Note that you can also reset a user’s AD password from Active Directory Administrative Center, ADSI Edit, Command Prompt (Net User Command), and PowerShell

2. Can you undo a password reset in Active Directory?

Active Directory does not have a tool to revert a password to a previous password. If you want to reverse a password to the last password, you may have to perform an automartive AD restore.

3. How do I reset MultipleUsersPassword in Active Directory?

You can use a PowerShell script to reset password for multiple users in Active Directory. Follow the steps below to accomplish this task:

i) Create a CSV file with the login names (samAccountName) of the users. If you want to use a different password for each user, specify the passwords in a different column of the CSV file.

For this example, I will assume that the login names (samAccountName) of the users is in the samAccountName column of the CSV. Aditionall, I will assume that the password for each user is in the password column.

ii) Then, use the PowerShell script below to reset password for all the users in the CSV file.

| import-CSV | ForEach-Object {

$dn = (Get-ADObject -Filter {samAccountName -eq $_.samAccountName}).DistinguishedName
Set-ADAccountPassword -Identity $dn -Reset -NewPassword (ConvertTo-SecureString -AsPlainText $_.password -Force)

}

4. How do I change user Active Directory password in PowerShell?

To change user Active Directory password un PowerShell, follow the steps below:

i) Get the DistinguishedName of the user with the command below (change ‘victor ashiedu’ to the name of your user)

$dn = (Get-ADObject -Filter {Name -eq ‘victor ashiedu’}).DistinguishedName

ii) Then, run the command below to reset the password to p@ssw0rd.

Set-ADAccountPassword -Identity $dn -Reset -NewPassword (ConvertTo-SecureString -AsPlainText “p@ssw0rd” -Force)

5. How do I change my local password in PowerShell?

To change your local password in PowerShell, follow the steps below:

i) Run the Get-LocalUser to return all the user accounts on the local computer. Then, note the name of the account in the Name column.
ii) Next, run the command below to save the new password in the $Password variable.

$Password = Read-Host “Enter the new password” -AsSecureString

When you press enter, PowerShell will prompt you to enter the password.

iii) Finally, run the command below to change your local password in PowerShell – change to the name of the account you noted in step i) above.

Set-LocalUser -Name -Password $Password

Conclusion

If you’re an Adctive Directory SysAdmin resetting password for AD objects is one of your routine pasts. Furtermore, AD has different objects that you may need to reset passwords.

So, this guide discussed steps to reset password for a user account. In addition to that, I also covered steps to reset password for an AD computer account.

That is not all, but I also included steps to reset password for a Single Managed Servervice Account (sMSA) and a Group Managed Servervice Account (gMSA).

I hope you found this guide helpful and you were able to use the steps to reset the password for an AD object. If you found the guide helpful, click on “Yes” beside the “Was this page helpful” question below.

You may also express your thoughts and opinions by using the “Leave a Comment” form at the bottom of this page.

Finally, you can improve your Active Directory knowledge further with other articles in our Active Directory Guides page.

About the Author

Photo of author

Victor Ashiedu

Victor is the founder of InfoPress Media, publishers of Ilifeguides and Itechguides. With 20+ years of experience in IT infrastructure, his expertise spans Windows, Linux, and DevOps. Explore his contributions on Itechguides.com for insightful how-to guides and product reviews.

Related Articles

How to Use ODBC Driver to Test Connection to a MS SQL Server

How to Use ODBC Driver to Test Connection to a MS SQL Server

Configuring Windows Server 2019 Server as an iSCSI Target server

Configuring Windows Server 2019 as an iSCSI Target Server

How to Change Active Directory Tombstone Lifetime

How to Change Active Directory Tombstone Lifetime Attribute

Get in Touch

We're committed to writing accurate content that informs and educates. To learn more, read our Content Writing Policy, Content Review Policy, Anti-plagiarism Policy, and About Us.

However, if this content does not meet your expectations, kindly reach out to us through one of the following means:

  1. Respond to "Was this page helpful?" above
  2. Leave a comment with the "Leave a Comment" form below
  3. Email us at [email protected] or via the Contact Us page.

Leave a comment

Send this to a friend