Set-ADAccountPassword : Access is denied

Hi

I run PS as Admin but am unable to run this command:
Set-ADAccountPassword : Access is denied

Do you know why that is?

It’s pretty likely that the account you’re using to change the password does not have access. :wink: Could you elaborate in a little more detail on what you want to do?

Hi, yes, sure.
I’m trying to run this script:


```powershell
# Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

$SamAccountName = Read-Host -Prompt 'Please Enter Username'

# Keep prompting until the operator types 'exit'
while ($SamAccountName -ne 'exit')
{
    if ($SamAccountName -eq "" -or $SamAccountName -eq "\" -or $SamAccountName -eq "/")
    {
        Write-Host -ForegroundColor Magenta "Username can't be blank or used by special characters and spaces!"
    }
    else
    {
        # Reset the account password to the fixed value used by this script
        Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "123456" -Force -Verbose) -PassThru
    }
    $SamAccountName = Read-Host -Prompt 'Please Enter Username'
}

Read-Host -Prompt 'Press Enter to Exit'
```


Sometimes it's working, sometimes not, because of the access error.

If it’s not failing all the time it’s pretty unlikely that the code causes the issue. I think there is little to no chance we can help you with this in a forum like this. Sorry.
It will be up to you to check the permissions in those cases you get the error with.

Another thing to look at is your Domain Controllers. Try specifying a domain controller using the -Server parameter, especially if you have Read-Only Domain Controllers (RODC) or hybrid on-prem\cloud environments. Have had times where certain DCs would not allow SET operations.

Tried that, still not working. Sometimes it's fine and sometimes not.
“Set-ADAccountPassword : Access is denied”
this is the error

Two other things to check:

  • Password policy - setting the same password that is already set on an account could hit password policies

  • Delegated permission - if users in a certain OU are getting the error, it could be delegated permissions

As @Olaf stated, it’s not a PowerShell issue, this is likely an AD permissions issue that we could sit here and guess at. Narrow down what accounts are having the issue. Try changing the password and setting that account. Does it work? If so, it’s password policy and you need to do a randomly generated password. Can you set the password in the AD management for that user in the GUI?

1 Like
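The checks suggested in this thread (pin one writable DC with -Server, use a random password to rule out password policy, and see which OUs the failing accounts sit in) can be combined into one diagnostic pass. This is an added example, not code from any poster; the function names and the account names in the last line are placeholders, and the generated password is not displayed, so run it against affected test accounts.

```powershell
Import-Module ActiveDirectory

function New-RandomPassword {
    param([int]$Length = 20)
    $chars = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789!#%+-_'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] $Length
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
        # Retry until lower case, upper case and a digit are all present,
        # so a complexity rule cannot be the reason for a failure
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and $pw -match '\d')
    $rng.Dispose()
    $pw
}

function Test-PasswordReset {
    param([Parameter(Mandatory)][string[]]$UserName)

    # Pin every call to one writable DC so the result does not depend on
    # which DC (possibly a read-only one) happens to answer
    $dc = (Get-ADDomainController -Discover -Writable).HostName[0]

    foreach ($name in $UserName) {
        $row = [ordered]@{ User = $name; Server = $dc; OU = $null; Result = 'OK' }
        try {
            $user = Get-ADUser -Identity $name -Server $dc -ErrorAction Stop
            # Parent container: drop the first RDN (allowing escaped commas)
            $row.OU = $user.DistinguishedName -replace '^CN=.*?(?<!\\),', ''
            $secure = ConvertTo-SecureString -AsPlainText (New-RandomPassword) -Force
            Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure `
                -Server $dc -ErrorAction Stop
        }
        catch {
            # Keep the error text next to the OU and DC it occurred on
            $row.Result = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# Constructed sample account names; replace with the accounts that fail for you
Test-PasswordReset -UserName 'test.user1', 'test.user2' |
    Sort-Object OU | Format-Table -AutoSize
```

If the failures cluster under one OU while the DC and password are held constant, delegated permissions on that OU are the remaining candidate from the list above.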