Reset a user's password
Administrators can reset a user's password if the password is forgotten, if the user gets locked out of a device, or if the user never received a password.
If you're not an administrator and you need instructions on how to reset your own work or school password, see Reset your work or school password.
Unless your tenant is the home directory for a user, you won't be able reset their password. This means that if your user is signing in to your organization using an account from another organization, a Microsoft account, or a Google account, you won't be able to reset their password.
If your user has a source of authority as Windows Server Active Directory, you'll only be able to reset the password if you've turned on password writeback and the user domain is managed. Changing the user password for federated domains is not supported. In this case, you should change the user password in the on-premises Active Directory.
If your user has a source of authority as External Microsoft Entra ID, you won't be able to reset the password. Only the user, or an administrator in that tenant, can reset the password.
To reset a password
Steps in this article may vary slightly based on the portal you start from.
Browse to Identity > Users > All users.
Select the user that needs the reset, then select Reset Password.
The Alain Charon - Profile page appears with the Reset password option.
In the Reset password page, select Reset password.
When using Microsoft Entra ID, a temporary password is auto-generated for the user. When using Active Directory on-premises, you create the password for the user.
Copy the password and give it to the user. The user will be required to change the password during the next sign-in process.
The temporary password never expires. The next time the user signs in, the password will still work, regardless how much time has passed since the temporary password was generated.
If an administrator is unable to reset the user's password, and the Application Event Logs on the Microsoft Entra Connect server has error code hr=80231367, review the user's attributes in Active Directory. If the attribute AdminCount is set to 1, this will prevent an administrator from resetting the user's password. The attribute AdminCount must be set to 0, in order for an administrators to reset the user's password.
After you've reset your user's password, you can perform the following basic processes:
- Add or delete users
- Assign roles to users
- Add or change profile information
- Create a basic group and add members
Or you can perform more complex user scenarios, such as assigning delegates, using policies, and sharing user accounts. For more information about other available actions, see Microsoft Entra user management documentation.