Reset-MgUserAuthenticationMethodPassword

Reset a user's password, represented by a password authentication method object. This can only be done by an administrator with appropriate permissions and can't be performed on a user's own account. To reset a user's password in Azure AD B2C, use the Update user API operation and update the passwordProfile > forceChangePasswordNextSignIn object. This flow writes the new password to Microsoft Entra ID and pushes it to on-premises Active Directory if configured using password writeback. The admin can either provide a new password or have the system generate one. The user is prompted to change their password on their next sign in. This reset is a long-running operation and returns a Location header with a link where the caller can periodically check for the status of the reset operation.

Note

To view the beta release of this cmdlet, view Reset-MgBetaUserAuthenticationMethodPassword

Syntax

Reset-MgUserAuthenticationMethodPassword
     -AuthenticationMethodId <String>
     -UserId <String>
     [-ResponseHeadersVariable <String>]
     [-AdditionalProperties <Hashtable>]
     [-NewPassword <String>]
     [-Headers <IDictionary>]
     [-ProgressAction <ActionPreference>]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]
Reset-MgUserAuthenticationMethodPassword
     -AuthenticationMethodId <String>
     -UserId <String>
     -BodyParameter <IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema>
     [-ResponseHeadersVariable <String>]
     [-Headers <IDictionary>]
     [-ProgressAction <ActionPreference>]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]
Reset-MgUserAuthenticationMethodPassword
     -InputObject <IUsersActionsIdentity>
     [-ResponseHeadersVariable <String>]
     [-AdditionalProperties <Hashtable>]
     [-NewPassword <String>]
     [-Headers <IDictionary>]
     [-ProgressAction <ActionPreference>]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]
Reset-MgUserAuthenticationMethodPassword
     -InputObject <IUsersActionsIdentity>
     -BodyParameter <IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema>
     [-ResponseHeadersVariable <String>]
     [-Headers <IDictionary>]
     [-ProgressAction <ActionPreference>]
     [-WhatIf]
     [-Confirm]
     [<CommonParameters>]

Description

Reset a user's password, represented by a password authentication method object. This can only be done by an administrator with appropriate permissions and can't be performed on a user's own account. To reset a user's password in Azure AD B2C, use the Update user API operation and update the passwordProfile > forceChangePasswordNextSignIn object. This flow writes the new password to Microsoft Entra ID and pushes it to on-premises Active Directory if configured using password writeback. The admin can either provide a new password or have the system generate one. The user is prompted to change their password on their next sign in. This reset is a long-running operation and returns a Location header with a link where the caller can periodically check for the status of the reset operation.

Permissions

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) UserAuthenticationMethod.ReadWrite.All Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application Not supported. Not supported.

Examples

Example 1: User-submitted password

Import-Module Microsoft.Graph.Users.Actions

$params = @{
	newPassword = "Cuyo5459"
}

$authenticationMethodId = "28c10230-6103-485e-b985-444c60001490"

Reset-MgUserAuthenticationMethodPassword -UserId $userId -AuthenticationMethodId $authenticationMethodId -BodyParameter $params

This example will set the submitted password.

Example 2: System-generated password

Import-Module Microsoft.Graph.Users.Actions

$params = @{
}

$authenticationMethodId = "28c10230-6103-485e-b985-444c60001490"

Reset-MgUserAuthenticationMethodPassword -UserId $userId -AuthenticationMethodId $authenticationMethodId -BodyParameter $params

This example will generate a password for a cloud only user.

Parameters

-AdditionalProperties

Additional Parameters

Type:Hashtable
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AuthenticationMethodId

The unique identifier of authenticationMethod

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-BodyParameter

. To construct, see NOTES section for BODYPARAMETER properties and create a hash table.

Type:IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Headers

Optional headers that will be added to the request.

Type:IDictionary
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-InputObject

Identity Parameter To construct, see NOTES section for INPUTOBJECT properties and create a hash table.

Type:IUsersActionsIdentity
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-NewPassword

.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ProgressAction

{{ Fill ProgressAction Description }}

Type:ActionPreference
Aliases:proga
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResponseHeadersVariable

Optional Response Headers Variable.

Type:String
Aliases:RHV
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UserId

The unique identifier of user

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Microsoft.Graph.PowerShell.Models.IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema

Microsoft.Graph.PowerShell.Models.IUsersActionsIdentity

System.Collections.IDictionary

Outputs

System.String

Notes

COMPLEX PARAMETER PROPERTIES

To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.

BODYPARAMETER <IPaths1KjcdupUsersUserIdAuthenticationMethodsAuthenticationmethodIdMicrosoftGraphResetpasswordPostRequestbodyContentApplicationJsonSchema>: .

  • [(Any) <Object>]: This indicates any property can be added to this object.
  • [NewPassword <String>]:

INPUTOBJECT <IUsersActionsIdentity>: Identity Parameter

  • [AuthenticationMethodId <String>]: The unique identifier of authenticationMethod
  • [CalendarId <String>]: The unique identifier of calendar
  • [ChatId <String>]: The unique identifier of chat
  • [ChatMessageId <String>]: The unique identifier of chatMessage
  • [ChatMessageId1 <String>]: The unique identifier of chatMessage
  • [ContentTypeId <String>]: The unique identifier of contentType
  • [DeviceLogCollectionResponseId <String>]: The unique identifier of deviceLogCollectionResponse
  • [DocumentSetVersionId <String>]: The unique identifier of documentSetVersion
  • [DriveId <String>]: The unique identifier of drive
  • [DriveItemId <String>]: The unique identifier of driveItem
  • [DriveItemVersionId <String>]: The unique identifier of driveItemVersion
  • [EventId <String>]: The unique identifier of event
  • [EventId1 <String>]: The unique identifier of event
  • [ListItemId <String>]: The unique identifier of listItem
  • [ListItemVersionId <String>]: The unique identifier of listItemVersion
  • [MailFolderId <String>]: The unique identifier of mailFolder
  • [MailFolderId1 <String>]: The unique identifier of mailFolder
  • [ManagedDeviceId <String>]: The unique identifier of managedDevice
  • [MessageId <String>]: The unique identifier of message
  • [NotebookId <String>]: The unique identifier of notebook
  • [OnenotePageId <String>]: The unique identifier of onenotePage
  • [OnenoteSectionId <String>]: The unique identifier of onenoteSection
  • [OnlineMeetingId <String>]: The unique identifier of onlineMeeting
  • [PermissionId <String>]: The unique identifier of permission
  • [PhoneAuthenticationMethodId <String>]: The unique identifier of phoneAuthenticationMethod
  • [SubscriptionId <String>]: The unique identifier of subscription
  • [TeamsAppInstallationId <String>]: The unique identifier of teamsAppInstallation
  • [TodoTaskId <String>]: The unique identifier of todoTask
  • [TodoTaskListId <String>]: The unique identifier of todoTaskList
  • [UserId <String>]: The unique identifier of user