This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 93%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
Hello! I've assigned the "User Administrator" role for a particular user we'd like to test. Role has been set to "active" in Privileged Access Management. Test user even gets the email that their access has been elevated in AzureAD. I even logged out as the test user and back on but still cannot reset any user passwords. What is wrong?
Test user has the E3 licensing assigned and even tried with an E5 license.
Any help would be appreciated. Thanks!
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
If the account you are trying to reset the password has an elevated role, then you need to use
Also see:
Hi Dale,
Did the user log into Azure, go to PIM and accept the access?
PIM > My Roles > Eligible Assignments.
You can verify the user has been assigned the role under the Active Assignments tab.
Test user was already set to "active". I can create a new user with the test account, but cannot reset a password.
Please see image.
What roles do the accounts you are trying to change have? The "User Administrator" role cannot change the password for accounts with certain roles, such as "Global Admin" and "Privileged Role Admin". It also cannot change the password for normal user accounts which if they are a member/owner of a role-assignable group.
Also keep an eye out for any administrative units which may affect the scope you have permissions over.
My regular account has been given "user admin" and the user I was trying to update was another regular user w/o any roles assigned.
What exactly happens when you try to reset the other account's password?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 75%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEA%3C/text%3E%3C/svg%3E)
Hi Toks,
I have similar issue, I have created Admin unit with selecting User Administrator role assigned to User1 - the role is Active assignment as well but I am still getting same error when trying to reset any user password, also i can't create account except inviting external!
There are a few things you can try to resolve the issue:
If none of these steps resolve the issue, you may need to open a support ticket with Microsoft to get further assistance.
@khurram Rahim
I have similar issue, I have created Admin unit with selecting User Administrator role assigned to User1 - the role showing in Active assignment as well but I am still getting same error when trying to reset any user password, also i can't create account except inviting external!
although i can create a group using User1 but still can't reset password for general user (member) doesn't have any role assigned!
note, the user1 is member of group where the Azure AD roles can't be assigned to the group
from my Global Administrator account, i can reset user passwords!
Thank you for your post!
I understand that you're having issues resetting another user's password after assigning the User Administrator role to your test user via PIM. Can you share any error messages that you're seeing when trying to reset the user's password?
Troubleshoot portal delay - Permissions aren't granted after activating a role:
When you activate a role in Privileged Identity Management, the activation might not instantly propagate to all portals that require the privileged role. Sometimes, even if the change is propagated, web caching in a portal may cause a delay before the change takes effect. If your activation is delayed, sign out of the portal you're trying to perform the action and then sign back in. In the Azure portal, PIM signs you out and back in automatically.
If you have any other questions, please let me know.
Thanks James! It's been a few days since I last looked, but let me go on the assumption it was related to cloud propagation. I will check again and reply again a little later with any error/s.
Thank you for following up on this, I just wanted to check in and see if you were still running into any issues? If you're still having problems resetting another user's password and would like our support team to take a closer look into your environment, please let me know.
Thank you for your time and patience throughout this issue.
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.