Specials
Jiri Formacek edited this page Apr 28, 2026 · 1 revision
Resetting an AD user account password is a common task for AD administrators. With PowerShell and the LDAP provider you can do it in a few lines of code. Below is an example of how to reset a user's password and set the "User must change password at next logon" flag on the account.
```powershell
#connect to the directory; AD accepts unicodePwd changes only over an encrypted connection
$Ldap = Get-LdapConnection
#register transforms that convert unicodePwd and pwdLastSet between PowerShell values and their LDAP form
Register-LdapAttributeTransform -Name unicodePwd
Register-LdapAttributeTransform -Name fileTime -AttributeName pwdLastSet
#gets RootDSE object
$Dse = $Ldap | Get-RootDSE
#find user account
$User = Find-LdapObject -LdapConnection $Ldap `
    -SearchFilter:"(&(cn=jsmith)(objectClass=user)(objectCategory=organizationalPerson))" `
    -SearchBase:"ou=Users,$($Dse.defaultNamingContext)" `
    -PropertiesToLoad 'pwdLastSet', 'unicodePwd'
#reset password
$User.unicodePwd = "NewP@ssw0rd"
#set "User must change password at next logon" flag
$User.pwdLastSet = 0
#commit changes to directory
$User | Edit-LdapObject -LdapConnection $Ldap -IncludedProps 'unicodePwd', 'pwdLastSet'
```
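
The sample above uses a fixed literal as the new password; since the user has to change it at next logon anyway, a random one-time value is a better fit for a reset. The following is an added example, not part of the original page or of the S.DS.P module. The function names `New-TemporaryPassword` and `ConvertTo-UnicodePwdValue` are hypothetical, and the second one shows the quoted UTF-16LE value format that Active Directory documents for `unicodePwd`, which the registered transform is assumed to produce for you.

```powershell
# Added example: function names are hypothetical, not S.DS.P commands.
function New-TemporaryPassword {
    param([ValidateRange(12, 128)][int]$Length = 16)

    # One set per complexity class; look-alike characters (0/O, 1/l/I) left out.
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!#%+-=?@_'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        # Uniform index in [0, $max) via rejection sampling, avoiding modulo bias.
        $next = {
            param([int]$max)
            $b = [byte[]]::new(1)
            $limit = 256 - (256 % $max)
            do { $rng.GetBytes($b) } while ($b[0] -ge $limit)
            $b[0] % $max
        }
        $chars = [System.Collections.Generic.List[char]]::new()
        # Guarantee at least one character from every class, then fill the rest.
        foreach ($s in $sets) { $chars.Add($s[(& $next $s.Length)]) }
        while ($chars.Count -lt $Length) { $chars.Add($all[(& $next $all.Length)]) }
        # Fisher-Yates shuffle so the guaranteed classes do not sit in fixed positions.
        for ($i = $chars.Count - 1; $i -gt 0; $i--) {
            $j = & $next ($i + 1)
            $t = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $t
        }
        -join $chars.ToArray()
    }
    finally { $rng.Dispose() }
}

function ConvertTo-UnicodePwdValue {
    param([Parameter(Mandatory)][string]$Password)
    # AD expects the password wrapped in double quotes and encoded as UTF-16LE.
    , [System.Text.Encoding]::Unicode.GetBytes('"' + $Password + '"')
}

# Constructed usage: generate a value and show the size of its encoded form.
$temp  = New-TemporaryPassword -Length 16
$bytes = ConvertTo-UnicodePwdValue -Password $temp
'{0} characters encode to {1} bytes' -f $temp.Length, $bytes.Length
```

With the transform from the page registered, `$temp` can be assigned to `$User.unicodePwd` in place of the literal string. Hand the temporary value to the user over a separate channel and avoid writing it to logs or transcripts.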