Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Azure / How to Reset User Password in Azure Active Directory (Microsoft 365)?

April 15, 2022 AzureMicrosoft 365PowerShell

How to Reset User Password in Azure Active Directory (Microsoft 365)?

If an Azure Active Directory user forgets his password, an Azure (Microsoft 365) tenant administrator can reset it in several ways: using the Azure Portal, through PowerShell, or by enabling the self-service password reset (SSPR) feature.

Contents:
  • Reset User’s Password in Azure Portal
  • Resetting Azure AD User Password with PowerShell

To reset a user’s password, your account must have one of the following built-in Azure: User Administrator or Password Administrator.

Reset User’s Password in Azure Portal

The easiest way to reset a user password in Azure is to use the Azure Portal web interface (or Microsoft 365 Admin Center):

  1. Sign in to https://portal.azure.com/ and go to Azure Active Directory -> Users;
  2. Select a user and click Reset Password; azure ad portal - reset user password
  3. You will receive a notification that a temporary password will be assigned to the user:
    The user 'Lina@woshub.onmicrosoft.com' will be assigned a temporary password that must be changed on the next sign in. To display the temporary password, click 'Reset password'.

    Click Reset Password.

  4. Azure will generate a new temporary password for the user and show it on the screen; temporapy password for Azure AD user
  5. Tell the new password to the user, and the next time they sign in to any Microsoft 365 app using Modern Authentication, they will be prompted to change the password;
    Your need to update your password because this is the first rime you are signing in, or because your password has expired.

    form to change expired password in azure ad

  6. You can make sure that the user has authenticated successfully using the Azure sign-in logs.

Here are some important things to keep in mind:

  • A temporary password never expires.
  • If your on-premises Active Directory is synchronized with Azure through the Azure AD Connector, the Password Writeback feature must be enabled in the Connector settings in order to reset the ADDS user’s password from the cloud.

You can enable self-service password reset (SSPR) on your Azure tenant. You can enable SSPR for a group of users or all AAD users in Azure Active Directory -> Password reset -> Properties.

enable enable self-service password reset in Azure

To reset their passwords, users can use allowed authentication methods. In addition to standard MFA methods, they can use security questions and office phone calls. You can use one or two authentication methods.

configure authentication methods for azure enable self-service password reset

Resetting Azure AD User Password with PowerShell

When you reset a user’s password via the Azure Portal, a new temporary password is automatically generated. However, you can set a new user password manually using PowerShell.

You can also set a new user password manually through the Microsoft 365 Admin Center.

You can use the Azure AD module to reset a user’s password. Connect to your Azure tenant:

Connect-AzureAD

Set a new password and convert it to SecureString (see the article on how to use passwords in PowerShell scripts):

$newPass = ConvertTo-SecureString 'Str0ngNewPa$$1' -AsPlainText –Force

You can use PowerShell to generate a strong random password:

Add-Type -AssemblyName System.Web
$genpass=[System.Web.Security.Membership]::GeneratePassword(9,2)
$newPass = ConvertTo-SecureString $genpass -AsPlainText –Force

Get the Object ID of the user for which you want to change the password using its UserPrincipalName:

$userObjectId=(Get-AzureADUser -filter "userPrincipalName eq 'Lina@woshub.onmicrosoft.com'").ObjectID

Apply the new password to the Azure user by ObjectID:

Set-AzureADUserPassword -ObjectId $userObjectId -Password $newPass

Set-AzureADUserPassword powershell

If you want a user to change the password at the next sign-in, add the -ForceChangePasswordNextLogin $true option.

You won’t be able to view the date and time when the user changed the password using the Azure AD PowerShell module. You can get this information using Microsoft Graph API or the legacy MSOnline module.

If you have the MSOnline PowerShell module installed, connect to your tenant:

Connect-MsolService

Display the LastPasswordChangeTimeStamp value:

Get-MsolUser -UserPrincipalName 'Lina@woshub.onmicrosoft.com'| Select DisplayName,UserPrincipalName,LastPasswordChangeTimeStamp

Get-MsolUser LastPasswordChangeTimeStamp

If the password expiration option is enabled in the Azure AD password policy, you can get the date when a user password expires using PowerShell:

$user=Get-MsolUser -UserPrincipalName 'Lina@woshub.onmicrosoft.com'
$User.LastPasswordChangeTimestamp.AddDays($PasswordPolicy.ValidityPeriod)

In on-premises Active Directory Domain Services, you can get the password expiration date for a domain user from the msDS-UserPasswordExpiryTimeComputed constructed attribute.

Or you can access the Microsoft Graph API from PowerShell to get the date and time the user’s password was changed and the user creation data in Azure:

$ApplicationID = "your-app-ID"
$TenatDomainName = "your-tenant-ID"
$AccessSecret = "your-app-secret"
$Body = @{
Grant_Type    = "client_credentials"
Scope         = "https://graph.microsoft.com/.default"
client_Id     = $ApplicationID
Client_Secret = $AccessSecret
}
$ConnectGraph = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TenatDomainName/oauth2/v2.0/token" -Method POST -Body $Body
$token = $ConnectGraph.access_token
$GrapUserUrl = 'https://graph.microsoft.com/v1.0/users?$select= userprincipalname,accountenabled,signInActivity,createdDateTime,lastPasswordChangeDateTime'
$users=(Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)"} -Uri $GrapUserUrl -Method Get).value
$users | where userprincipalname –eq 'Lina@woshub.onmicrosoft.com' | select userprincipalname,accountenabled,createdDateTime,lastPasswordChangeDateTime

Get Azure AD user LastPasswordChangeDateTime using PowerShell and Microsoft Graph API

Using Microsoft Graph API and the POST method, you can even reset a user password. Use the POST request below:

POST https://graph.microsoft.com/v1.0/me/changePassword
Content-Type: application/json
  {
     "currentPassword": "OldPass123!",
     "newPassword": "NewP@ss2!"
   }
Learn how to reset user passwords in the local Active Directory in this article.

0 comment
0
Facebook Twitter Google + Pinterest
previous post
How to Delete or Rename Default Mailbox Database in Exchange Server?
next post
Install Active Directory Users and Computers (ADUC) Snap-in on Windows 10/11

Related Reading

Create Organizational Units (OU) Structure in Active Directory...

May 17, 2022

Windows Security Won’t Open or Shows a Blank...

May 17, 2022

How to Manually Install Windows Updates from CAB...

May 16, 2022

Enable or Disable MFA for Users in Azure/Microsoft...

April 27, 2022

Fix: You’ll Need a New App to Open...

April 27, 2022

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • Create Organizational Units (OU) Structure in Active Directory with PowerShell

    May 17, 2022
  • Windows Security Won’t Open or Shows a Blank Screen on Windows 10/ 11

    May 17, 2022
  • How to Manually Install Windows Updates from CAB and MSU Files?

    May 16, 2022
  • RDS and RemoteApp Performance Issues on Windows Server 2019/2016

    May 16, 2022
  • Deploying Software (MSI Packages) Using Group Policy

    May 12, 2022
  • Updating VMware ESXi Host from the Command Line

    May 11, 2022
  • Enable or Disable MFA for Users in Azure/Microsoft 365

    April 27, 2022
  • Fix: You’ll Need a New App to Open This Windows Defender Link

    April 27, 2022
  • How to Reset an Active Directory User Password with PowerShell and ADUC?

    April 27, 2022
  • How to Completely Uninstall Previous Versions of Office with Removal Scripts?

    April 26, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Whitelist Domains and Email Addresses on Exchange Server and Microsoft 365
  • Checking User Sign-in Logs in Azure AD (Microsoft 365)
  • Enabling Modern or Basic Authentication for Microsoft 365
  • Get User or Group Creation Date in Azure AD (or MS365) with PowerShell
  • How to Hide Users and Groups from the Global Address List on Exchange/Office 365?
  • Enable or Disable MFA for Users in Azure/Microsoft 365
  • How to Connect to Azure AD Using PowerShell?
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top