Jaa


Reset a User Password

Applies To: Windows Server 2008

Membership in Account Operators, Domain Admins, or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Creating a new user account

  • Using the Windows interface

  • Using a command line

To reset a user password using the Windows interface

  1. To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  2. In the console tree, click Users.

    Where?

    • Active Directory Users and Computers/domain node/Users

    Or, click the folder that contains the user account.

  3. In the details pane, right-click the user whose password you want to reset, and then click Reset Password.

  4. Type and then confirm the password.

  5. If you want to require the user to change this password at the next logon process, select the User must change password at next logon check box.

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • Another way to open Active Directory Users and Computers is to click Start, click Run, and then type dsa.msc.

  • Services that are authenticated with a user account must be reset if the password for the service's user account is changed.

Additional references

To reset a user password by using a command line

  1. To open a command prompt, click Start, click Run, type cmd, and then click OK.

  2. Type the following command, and then press ENTER:

    dsmod user <UserDN> -pwd <NewPassword> -mustchpwd {yes|no}
    
Parameter Description

<UserDN>

Specifies the distinguished name of the user for which the password will be reset.

-pwd

Sets the <NewPassword>.

<NewPassword>

Specifies the password that will replace the current user password.

-mustchpwd

Sets the pwdExpired flag.

{yes|no}

Specifies the value of the pwdExpired flag.

To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:

dsmod user /? 

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in AD DS, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • If a password is not assigned, the first time that the user tries to log on (using a blank password), a logon message appears that says "You are required to change your password at first logon." After the user changes the password, the logon process continues.

  • Services that are authenticated with a user account must be reset if the password for the service's user account is changed.

Additional references