Reset a user's password

Administrators can reset a user's password if the password is forgotten, if the user gets locked out of a device, or if the user never received a password.


If you're not an administrator and you need instructions on how to reset your own work or school password, see Reset your work or school password.

Unless your tenant is the home directory for a user, you won't be able reset their password. This means that if your user is signing in to your organization using an account from another organization, a Microsoft account, or a Google account, you won't be able to reset their password.

If your user has a source of authority as Windows Server Active Directory, you'll only be able to reset the password if you've turned on password writeback and the user domain is managed. Changing the user password for federated domains is not supported. In this case, you should change the user password in the on-premises Active Directory.

If your user has a source of authority as External Microsoft Entra ID, you won't be able to reset the password. Only the user, or an administrator in that tenant, can reset the password.


You must have at least the following role to restore and permanently delete users.

  • Password Administrator

To reset a password


Steps in this article might vary slightly based on the portal you start from.

  1. Sign in to the Microsoft Entra admin center as at least a Password Administrator.

  2. Browse to Identity > Users > All users.

  3. Select the user that needs the reset, then select Reset Password.

    The Alain Charon - Profile page appears with the Reset password option.

    Screenshot of the User's profile page, with Reset password option highlighted.

  4. In the Reset password page, select Reset password.


    When using Microsoft Entra ID, a temporary password is auto-generated for the user. When using Active Directory on-premises, you create the password for the user.

  5. Copy the password and give it to the user. The user will be required to change the password during the next sign-in process.


    The temporary password never expires. The next time the user signs in, the password will still work, regardless how much time has passed since the temporary password was generated.


    If an administrator is unable to reset the user's password, and the Application Event Logs on the Microsoft Entra Connect server has error code hr=80231367, review the user's attributes in Active Directory. If the attribute AdminCount is set to 1, this will prevent an administrator from resetting the user's password. The attribute AdminCount must be set to 0, in order for an administrators to reset the user's password.