Azure Active Directory Reset Example


Step 1: Ensure you have the prerequisites set up on your web server, as per this forum post (one-off process).

Step 2: Add new Password Record configured as follows:


Screen 1: Ensure you configure the 4 options below correctly and enter the current Azure AD password for the account. If you configure an Expiry Date, Passwordstate will automatically change the password when that date is reached.




Screen 2: Select the appropriate Privileged Account. This account must have permissions to reset other accounts' passwords in Azure AD. If the user account whose password you are resetting already has permission to perform password resets in Azure AD, then you do not need to set a privileged account on this screen. See the bottom of this page for a description of the permissions required to reset passwords in Azure AD.


Also confirm the Password Reset Schedule is enabled if you want the password to change automatically when the Expiry Date is reached.




Screen 3: Confirm the "Validate Password for Active Directory Account" validation script is selected. After the reset, this script signs in with the new password to confirm the change actually took effect.





A standard user in Azure AD cannot reset their own account password using the PowerShell module Passwordstate uses. If you grant the user one of the following roles in Azure AD, then they will be able to reset their own password:


1. Helpdesk (Password) administrator

2. User Administrator

3. Global Administrator


Helpdesk Administrator is the role with the least privileges, but it still gives the user the ability to reset other (non-administrator) Azure AD users' passwords. If you feel these permissions are too high for the user, use a dedicated privileged account that holds the Helpdesk Administrator role and assign it on your Password record (Screen 2 above). That privileged account will perform the password reset on behalf of the user. Note that Helpdesk Administrator cannot reset the password of accounts that hold most administrator roles, so a privileged account with this role is not sufficient for resetting admin accounts.
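The following is an added example of the reset flow described in Screens 1 to 3, written here for illustration; it is not Passwordstate's own reset or validation script. It assumes the AzureAD PowerShell module (Install-Module AzureAD), a privileged account holding Helpdesk Administrator, and placeholder user principal names; the role check and the sign-in validation are the parts worth running by hand before trusting the Password Reset Schedule.

```powershell
# Added example, not Passwordstate's own code. Assumes the AzureAD PowerShell
# module; the two UPNs below are placeholders for your own accounts.
Import-Module AzureAD

$PrivilegedUpn = 'pwreset-svc@contoso.onmicrosoft.com'   # placeholder: account holding Helpdesk Administrator
$TargetUpn     = 'alice@contoso.onmicrosoft.com'         # placeholder: user whose password is being reset

# 1. Connect as the privileged account (Screen 2). -Credential does not support
#    MFA prompts, so this account must be able to sign in non-interactively.
$privCred = Get-Credential -UserName $PrivilegedUpn -Message 'Privileged account password'
Connect-AzureAD -Credential $privCred | Out-Null

# 2. Confirm the privileged account actually holds a role that can reset passwords.
#    Get-AzureADDirectoryRole only returns roles that are activated in the tenant.
$resetRoles = 'Helpdesk Administrator', 'User Administrator', 'Global Administrator'
$held = foreach ($r in Get-AzureADDirectoryRole | Where-Object { $resetRoles -contains $_.DisplayName }) {
    if (Get-AzureADDirectoryRoleMember -ObjectId $r.ObjectId | Where-Object UserPrincipalName -eq $PrivilegedUpn) {
        $r.DisplayName
    }
}
if (-not $held) { throw "$PrivilegedUpn holds none of: $($resetRoles -join ', ')" }
Write-Host "Privileged account holds: $($held -join ', ')"

# 3. Generate a random password and set it on the target user. 24 random bytes
#    as Base64 give 32 characters of upper, lower and digits, which satisfies
#    Azure AD's 3-of-4 character class rule without relying on symbols.
$bytes = New-Object byte[] 24
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPlain  = [Convert]::ToBase64String($bytes)
$newSecure = ConvertTo-SecureString $newPlain -AsPlainText -Force
$target = Get-AzureADUser -ObjectId $TargetUpn
Set-AzureADUserPassword -ObjectId $target.ObjectId -Password $newSecure -ForceChangePasswordNextLogin $false
Disconnect-AzureAD

# 4. Validate (Screen 3): sign in as the target user with the new password.
$targetCred = New-Object System.Management.Automation.PSCredential ($TargetUpn, $newSecure)
try {
    Connect-AzureAD -Credential $targetCred | Out-Null
    Write-Host "Validation succeeded for ${TargetUpn}"
} catch {
    throw "Validation failed for ${TargetUpn}: $($_.Exception.Message)"
} finally {
    Disconnect-AzureAD -ErrorAction SilentlyContinue
}
```

Two practical notes: the sign-in validation in step 4 will fail for a user who is required to complete MFA, because Connect-AzureAD -Credential cannot satisfy an MFA prompt, so validate those accounts another way; and Microsoft has deprecated the AzureAD module in favour of the Microsoft Graph PowerShell SDK, where the equivalent reset is Update-MgUser with a PasswordProfile, so check which module your Passwordstate version actually ships before reusing this by hand.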


To assign the Helpdesk Administrator role in Azure AD, sign in to the Azure portal as a Global Administrator or Privileged Role Administrator, select Azure Active Directory -> Roles and administrators, and open the Helpdesk Administrator role. Then click Add assignment, search for the appropriate user, and save your changes.
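The same role assignment done from PowerShell, as an added example that is not part of the original post. It assumes the AzureAD PowerShell module, an interactive session as an administrator who can assign roles, and a placeholder UPN for the privileged account; it also handles the case where the role has never been activated in the tenant, which the portal does silently.

```powershell
# Added example, not from the original post. Assumes the AzureAD PowerShell
# module; the UPN is a placeholder for your privileged account.
Import-Module AzureAD
Connect-AzureAD | Out-Null   # interactive sign-in as Global Admin or Privileged Role Admin

$PrivilegedUpn = 'pwreset-svc@contoso.onmicrosoft.com'
$RoleName      = 'Helpdesk Administrator'

# Get-AzureADDirectoryRole only lists roles already activated in the tenant.
# If Helpdesk Administrator has never been assigned, activate it from its template.
$role = Get-AzureADDirectoryRole | Where-Object DisplayName -eq $RoleName
if (-not $role) {
    $template = Get-AzureADDirectoryRoleTemplate | Where-Object DisplayName -eq $RoleName
    $role = Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId
}

$user = Get-AzureADUser -ObjectId $PrivilegedUpn

# Idempotent: only add the member if it is not already in the role.
$already = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Where-Object ObjectId -eq $user.ObjectId
if ($already) {
    Write-Host "$PrivilegedUpn already holds $RoleName"
} else {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $user.ObjectId
    Write-Host "Assigned $RoleName to $PrivilegedUpn"
}

# Review everyone holding the role: each of these can reset non-admin user passwords.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId | Select-Object DisplayName, UserPrincipalName
Disconnect-AzureAD
```

The final listing is worth keeping in your runbook: because every member of this role can reset other users' passwords, the membership should be reviewed whenever the privileged account for Passwordstate is created or rotated.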



