Set-ADAccountPassword Issue

Welcome Forums General PowerShell Q&A Set-ADAccountPassword Issue

This topic contains 5 replies, has 3 voices, and was last updated by

4 years, 6 months ago.

  • Author
  • #18890

    Points: 1
    Rank: Member


    I am new to PS so today I opened a new session with my DC and tried to change a password for one of the users. I made sure Execution policy was set to unrestricted and that I ran PS with Domain Admin credentials.

    [win2k8]: PS C:\Users\hardware\Documents> Set-ADAccountPassword -Identity lseetram -OldPassword(ConvertTo-SecureStri
    AsPlainText "Old password"-Force) -NewPassword(ConvertTo-SecureString -AsPlainText "New password" -Force)


    Set-ADAccountPassword : Access is denied
    At line:1 char:1
    + Set-ADAccountPassword -Identity lseetram -OldPassword(ConvertTo-SecureString -As ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : PermissionDenied: (lseetram:ADAccount) [Set-ADAccountPassword], UnauthorizedAccessException
    + FullyQualifiedErrorId : Access is denied,Microsoft.ActiveDirectory.Management.Commands.SetADAccountPassword

    I Googled the issue but could not find anything related to this except that one of the tips was to remove SpecOps GPUpdate, which I did and no change. I also tried to refer to the account by using CN and no change.

    Any ideas?


  • #18893

    Points: 24
    Rank: Member

    It seems the user who is running the command doesn't have permisions to make changes to this user. We have users who can reset passwords, but they can reset domain admin's passwords.

  • #18898

    Points: 1
    Rank: Member

    Thanks for your quick reply. I am running the console under domain Admin's account. Are there any other privileges that need to be given to that account in order to do this through the PS?

  • #18922

    Points: 1
    Rank: Member

    I just tried this in the interactive session on the DC itself and I am getting the same error message. I am obviously logged in as a Domain Admin

  • #18923

    Points: 1
    Rank: Member

    I now tried a brand new test domain controller with Server 2012 R2 and same thing happened.

  • #18952

    Points: 60
    Rank: Member

    Hey Alex,

    Couple of suggestions
    (1) If you're able to, try disabling UAC on a DC restart it. I've seen this happen even when PowerShell is launched as an Administrator
    (2) If you are using a variable for the password, and are using any special characters in the password use ' instead of ".
    (3) If it's still not working, try this instead :

    $newPwd = ConvertTo-SecureString -AsPlainText 'New password' -Force
    Set-ADAccountPassword -Identity lseetram -Reset -NewPassword $newPwd 

The topic ‘Set-ADAccountPassword Issue’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort