Tuesday, June 5, 2012

Set-ADAccountPassword : Access is denied

I was trying to reset  a bunch of passwords and was trying to do this in Powershell:

Set-ADAccountPassword -Identity myuser -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'newpassword' -Force)

However, it was coming back with the following despite running the Powershell console as Administrator:

Set-ADAccountPassword : Access is denied
At line:1 char:22
+ Set-ADAccountPassword <<<<  -Identity myuser -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'newpassword' -Force)
    + CategoryInfo          : PermissionDenied: (christys:ADAccount) [Set-ADAccountPassword], UnauthorizedAccessException
    + FullyQualifiedErrorId : Access is denied,Microsoft.ActiveDirectory.Management.Commands.SetADAccountPassword


I did a quick search and found this, which didn't help, but it did inspire me to try this:

$newpassword = ConvertTo-SecureString -AsPlainText 'newpassword' -Force
Set-ADAccountPassword -Identity myuser -Reset -NewPassword $newpassword



This worked well.

3 comments:

  1. Thanks for the post. In case anyone else comes across this issue, for my situation the issue was UAC on Server 2012 being enabled. I could do just about everything else in an elevated powershell console but setting the password always failed with the above error until I disabled UAC.

    ReplyDelete
  2. I got the same error when trying to use " (double quotes) instead of a tic ('). I had a $ as part of the password. The simple things...

    ReplyDelete