locked
Set-ADAccountPassword failing RRS feed

  • Question

  • Hi All

    I've been trying to organise a password reset command using Powershell, but running into issues

    The command I'm using is:

    set-ADAccountPassword -Identity "922448" -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "Welcome1" -Force)


    where 922448 is the sAMAccountName and Welcome1 is just a test password

    I've been running into this error:

     

    set-ADAccountPassword : A referral was returned from the server
    At line:1 char:1
    + set-ADAccountPassword -Identity '922448' -Reset -NewPassword (ConvertTo-SecureSt ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (922448:ADAccount) [Set-ADAccountPassword], ADException
        + FullyQualifiedErrorId : ActiveDirectoryServer:8235,Microsoft.ActiveDirectory.Management.Commands.SetADAccountPassword

    Not sure what's going wrong, I've tried parsing it with and without the -Reset parameter, getting the Powershell cmdlet to prompt for the new password, but no luck, always seem to be getting the same error

    What could I be doing wrong?

    Thanks

    Saturday, March 14, 2020 7:19 AM

Answers


  • Turns out I needed to select which Domain Controller i wanted to reset the password on, using -Server

    Set-ADAccountPassword -Identity '123456' -Server 'DCname.local' -reset -NewPassword (ConvertTo-SecureString -AsPlainText 'Password1' -force)

    Once I did that it accepted the password reset


    • Marked as answer by Cross_TM Tuesday, March 24, 2020 2:00 AM
    • Edited by Cross_TM Tuesday, March 24, 2020 2:01 AM Spelling
    Tuesday, March 24, 2020 2:00 AM

All replies

  • Saturday, March 14, 2020 7:37 AM
  • Hi jrv

    I've had a look at this error message and investigated what it might mean, but I can't seem to make proper sense of what I'm doing wrong here; seems to be an error with the path from what I've read but I can't identify where I'd be making the error

    I tried just using 

    set-ADAccountPassword -Identity "922448" -Reset

    which showed that I'm at least finding the right AD user because it populated the correct DN for this account, but i still got the same error

    Looked to see if it might be the AD Module that's importing as it's importing with default drive 'AD' but unsure there as well

    Any advice/guidance in the right direction would be greatly appreciated


    • Edited by Cross_TM Saturday, March 14, 2020 9:31 AM
    Saturday, March 14, 2020 9:30 AM
  • Get-AdUser '922448' | Set-ADAccountPassword -Reset -NewPassword (ConvertTo-SecureString -AsPlainText Welcome1 -Force)


    \_(ツ)_/


    • Edited by jrv Saturday, March 14, 2020 9:37 AM
    Saturday, March 14, 2020 9:36 AM
  • Okay so I gave that command a go; got a similar error but this time it's loaded char23 (which is the beginning of the Set-ADAccountPassword cmdlet), and it's loaded the Distinguished Name for the user instead of 922448

    Saturday, March 14, 2020 9:49 AM
  • Please contact you AD network techs and have them help you fix your AD implementation.  The issue has nothing to do with PowerShell. 

    The simplest first step is to start the ADWS service on the AD that is handling your command.  The AD techs will help you to resolve this and will fix the issue.


    \_(ツ)_/

    • Marked as answer by jrv Tuesday, March 24, 2020 1:47 AM
    • Unmarked as answer by Cross_TM Tuesday, March 24, 2020 1:56 AM
    Saturday, March 14, 2020 10:07 AM
  • Hi,

    Did your issue has been resolved?

    And is there anything that we can do for you?

    Please do not hesitate to let me know if you got any further questions or thoughts, thanks for reading!

    Best wishes,

    Young Yang.

    Wednesday, March 18, 2020 1:48 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Yang Yang

    Tuesday, March 24, 2020 1:40 AM

  • Turns out I needed to select which Domain Controller i wanted to reset the password on, using -Server

    Set-ADAccountPassword -Identity '123456' -Server 'DCname.local' -reset -NewPassword (ConvertTo-SecureString -AsPlainText 'Password1' -force)

    Once I did that it accepted the password reset


    • Marked as answer by Cross_TM Tuesday, March 24, 2020 2:00 AM
    • Edited by Cross_TM Tuesday, March 24, 2020 2:01 AM Spelling
    Tuesday, March 24, 2020 2:00 AM