Pricing  Get Quote

How to: Reset Azure Active Directory domain passwords

The PowerShell scripts given below can be used to reset user passwords in Azure Active Directory. ADSelfService Plus, the Active Directory self-service password management and single sign-on solution, provides password self-service for Azure Active Directory accounts from multiple access points. The following is a comparison between resetting Azure Active Directory domain passwords with Windows PowerShell and ADSelfService Plus:

With PowerShell

  • Set the password for a user in Azure Active Directory
    Executing this code will reset the password for a single user in Azure Active Directory.
    Set-AzureADUserPassword -ObjectId  "df19e8e6-2ad7-453e-87f5-037f6529ae16" -Password $password
    Click to copy entire script
  • Reset passwords for users by OU and group membership
    Not supported.

With ADSelfService Plus

  • For users: Self-service password reset, i.e., password reset without admin intervention
    • Go to ADSelfService Plus admin portal.
    • Navigate to Configuration > Self-Service > Password Configuration.
    • Select Password Reset.
    • Click Select OUs/Groups, and then select the specific users for whom the self-service password reset feature needs to be enabled.
    • Click Save.
  • For admins: Reset all users in a domain
    • Go to ADSelfService Plus admin portal.
    • Navigate to Configuration > Self-Service > Policy Configuration > Advanced.
    • Enable Automatically reset locked-down accounts in your domain.
    • Click Save.

What are the limitations of Windows PowerShell to reset Azure Active Directory passwords?

  • No support for self-service password resets.
  • Creating multiple automatic Azure Active Directory password reset schedulers for different set of users is a highly laborious process. Also, there's always a possibility of admin privilege exploitation if not maintained properly.

What are the advantages of using ADSelfService Plus over Windows PowerShell?

  • Enables users to reset their password via multiple access points such as their login screens, mobile phone or a secure web portal.
  • Secures self-service password resets with sophisticated authenticators like biometrics and YubiKey.
  • Supports help-desk assisted password resets.
Benefits of ADSelfService Plus
  • Self-service password reset (SSPR):

    With ADSelfService Plus, users can reset their passwords from:

    • The logon screens of their Windows, Linux, or macOS machines.
    • Web browsers by accessing the ADSelfService Plus portal, which can be configured to be accessed through all major web browsers.
    • Their mobile devices by accessing the ADSelfService Plus iOS or Android mobile app or mobile site.
    • Their private networks, even remotely. Furthermore resetting their passwords, ADSelfService Plus also lets users update their cached credentials.
  • Password self-service, simplified:

    Allow users to perform self-service password reset on their Active Directory and cloud accounts.

  • Improves account security:

    Secures Azure AD password reset with advanced multi-factor authentication including biometrics and QR-code authentication.

  • Improves the user experience:

    Allows users to reset forgotten passwords from a secure portal, from anywhere, at any time.

  • Advanced password policy settings:

    Admins can ensure users create strong Azure AD passwords by banning weak passwords, palindromes, etc.

SSPR for users' Azure Active Directory account.

  Get 30-day free trial.

Related Resources

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link