Reset-MgUserAuthenticationMethodPassword
Reset a user's password, represented by a password authentication method object. This can only be done by an administrator with appropriate permissions and can't be performed on a user's own account. To reset a user's password in Azure AD B2C, use the Update user API operation and update the passwordProfile > forceChangePasswordNextSignIn object. This flow writes the new password to Microsoft Entra ID and pushes it to on-premises Active Directory if configured using password writeback. The admin can either provide a new password or have the system generate one. The user is prompted to change their password on their next sign in. This reset is a long-running operation and returns a Location header with a link where the caller can periodically check for the status of the reset operation.
Note
To view the beta release of this cmdlet, view Reset-MgBetaUserAuthenticationMethodPassword
Syntax
Reset-MgUserAuthenticationMethodPassword
-AuthenticationMethodId <String>
-UserId <String>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-NewPassword <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Reset-MgUserAuthenticationMethodPassword
-AuthenticationMethodId <String>
-UserId <String>
-BodyParameter <IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Reset-MgUserAuthenticationMethodPassword
-InputObject <IUsersActionsIdentity>
[-ResponseHeadersVariable <String>]
[-AdditionalProperties <Hashtable>]
[-NewPassword <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Reset-MgUserAuthenticationMethodPassword
-InputObject <IUsersActionsIdentity>
-BodyParameter <IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema>
[-ResponseHeadersVariable <String>]
[-Headers <IDictionary>]
[-ProgressAction <ActionPreference>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Reset a user's password, represented by a password authentication method object. This can only be done by an administrator with appropriate permissions and can't be performed on a user's own account. To reset a user's password in Azure AD B2C, use the Update user API operation and update the passwordProfile > forceChangePasswordNextSignIn object. This flow writes the new password to Microsoft Entra ID and pushes it to on-premises Active Directory if configured using password writeback. The admin can either provide a new password or have the system generate one. The user is prompted to change their password on their next sign in. This reset is a long-running operation and returns a Location header with a link where the caller can periodically check for the status of the reset operation.
Permissions
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | UserAuthenticationMethod.ReadWrite.All | Not available. |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Not supported. | Not supported. |
Examples
Example 1: User-submitted password
Import-Module Microsoft.Graph.Users.Actions
$params = @{
newPassword = "Cuyo5459"
}
$authenticationMethodId = "28c10230-6103-485e-b985-444c60001490"
Reset-MgUserAuthenticationMethodPassword -UserId $userId -AuthenticationMethodId $authenticationMethodId -BodyParameter $params
This example will set the submitted password.
Example 2: System-generated password
Import-Module Microsoft.Graph.Users.Actions
$params = @{
}
$authenticationMethodId = "28c10230-6103-485e-b985-444c60001490"
Reset-MgUserAuthenticationMethodPassword -UserId $userId -AuthenticationMethodId $authenticationMethodId -BodyParameter $params
This example will generate a password for a cloud only user.
Parameters
-AdditionalProperties
Additional Parameters
Type: | Hashtable |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-AuthenticationMethodId
The unique identifier of authenticationMethod
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-BodyParameter
. To construct, see NOTES section for BODYPARAMETER properties and create a hash table.
Type: | IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Headers
Optional headers that will be added to the request.
Type: | IDictionary |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-InputObject
Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.
Type: | IUsersActionsIdentity |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-NewPassword
.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ProgressAction
{{ Fill ProgressAction Description }}
Type: | ActionPreference |
Aliases: | proga |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ResponseHeadersVariable
Optional Response Headers Variable.
Type: | String |
Aliases: | RHV |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UserId
The unique identifier of user
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Microsoft.Graph.PowerShell.Models.IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema
Microsoft.Graph.PowerShell.Models.IUsersActionsIdentity
System.Collections.IDictionary
Outputs
System.String
Notes
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
BODYPARAMETER <IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema>
: .
[(Any) <Object>]
: This indicates any property can be added to this object.[NewPassword <String>]
:
INPUTOBJECT <IUsersActionsIdentity>
: Identity Parameter
[AuthenticationMethodId <String>]
: The unique identifier of authenticationMethod[CalendarId <String>]
: The unique identifier of calendar[ChatId <String>]
: The unique identifier of chat[ChatMessageId <String>]
: The unique identifier of chatMessage[ChatMessageId1 <String>]
: The unique identifier of chatMessage[ContentTypeId <String>]
: The unique identifier of contentType[DeviceLogCollectionResponseId <String>]
: The unique identifier of deviceLogCollectionResponse[DocumentSetVersionId <String>]
: The unique identifier of documentSetVersion[DriveId <String>]
: The unique identifier of drive[DriveItemId <String>]
: The unique identifier of driveItem[DriveItemVersionId <String>]
: The unique identifier of driveItemVersion[EventId <String>]
: The unique identifier of event[EventId1 <String>]
: The unique identifier of event[ListItemId <String>]
: The unique identifier of listItem[ListItemVersionId <String>]
: The unique identifier of listItemVersion[MailFolderId <String>]
: The unique identifier of mailFolder[MailFolderId1 <String>]
: The unique identifier of mailFolder[ManagedDeviceId <String>]
: The unique identifier of managedDevice[MessageId <String>]
: The unique identifier of message[NotebookId <String>]
: The unique identifier of notebook[OnenotePageId <String>]
: The unique identifier of onenotePage[OnenoteSectionId <String>]
: The unique identifier of onenoteSection[OnlineMeetingId <String>]
: The unique identifier of onlineMeeting[PermissionId <String>]
: The unique identifier of permission[PhoneAuthenticationMethodId <String>]
: The unique identifier of phoneAuthenticationMethod[SubscriptionId <String>]
: The unique identifier of subscription[TeamsAppInstallationId <String>]
: The unique identifier of teamsAppInstallation[TodoTaskId <String>]
: The unique identifier of todoTask[TodoTaskListId <String>]
: The unique identifier of todoTaskList[UserId <String>]
: The unique identifier of user