Pricing  Get Quote
 
 

How to reset Active Directory domain passwords

The following is a comparison between resetting Active Directory domain passwords using Windows PowerShell and ADSelfService Plus:

With PowerShell

  • Reset a password for a user account using a distinguished name
    Executing this code will reset the password for a single user by their distinguished name. 
    Set-ADAccountPassword -Identity 'CN=John Smith,OU=Accounts,DC=Fabrikam,DC=com' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "password@123" -Force)
     Copied
    Click to copy entire script
  • Reset passwords for users by OU and group membership.
    Not supported.

With ADSelfService Plus

  • For users: Self-service password reset, i.e., password reset without admin intervention
    • Go to ADSelfService Plus admin portal.
    • Navigate to Configuration > Self-Service > Policy Configuration.
    • Select Password Reset.
      self-service-ad-password-reset-powershell-script-1
    • Click Select OUs/Groups to granularly select which set of users need to be empowered with self-service account unlock feature.
      self-service-ad-password-reset-powershell-script-2
    • Click Save.
  • For admins: Reset all users in a domain
    • Go to ADSelfService Plus admin portal.
    • Navigate to Configuration > Self-Service > Policy Configuration > Advanced.
      self-service-ad-password-reset-powershell-script-3
    • Enable Automatically resets domain user' password in your domain.
    • Click Save.

What are the limitations of using Windows PowerShell to reset passwords?

  • Doesn't allow end-users to reset their forgotten passwords on their own from their Windows login screen or their mobile phones.
  • It doesn't allow admins enable self-service password reset based on OU and group memberships.
  • Creating multiple automatic password reset schedulers for different set of users is a highly laborious process. Also, there's always a possibility of admin privilege exploitation if not maintained properly.
Benefits of ADSelfService Plus
  • Self-service password reset (SSPR):

    With ADSelfService Plus, users can reset their passwords from:

    • The logon screens of their Windows, Linux, or macOS machines.
    • Web browsers by accessing the ADSelfService Plus portal, which can be configured to be accessed through all major web browsers.
    • Their mobile devices by accessing the ADSelfService Plus iOS or Android mobile app or mobile site.
    • Their private networks, even remotely. Furthermore resetting their passwords, ADSelfService Plus also lets users update their cached credentials.
  • Improves ROI

    Enables users to perform self-service password reset and reduces IT expense.

  • Improves IT security

    Supports advanced multi-factor authentication techniques like biometrics and YubiKey to secure self-service password resets and account unlocks.

  • Universal enforcement

    Admins can enforce the self-service password reset feature for users' Active Directory and cloud account.

  • Improves user experience

    Zero wait time as it allows users to reset Azure AD passwords, from anywhere, at any time.

Empower users to unlock their Active Directory and cloud accounts.

  Get 30-day free trial.

Related Resources

RELATED PRODUCTS

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Password Self-ServiceDirectory Self-ServiceOne IdentitySecurityRelated Products

A single pane of glass for complete self service password management

Free Trial Get Quote
Email Download Link