Sorry, search feature is not supported in Internet Explorer 11

Reset user password

Resets the password of a user account.

POST ~/api/directoryObjects/resetPassword

Request parameters

This request has no parameters.

Request headers

  • Name

  • Required

  • Description

  • Adm-Authorization

  • True

  • Specify the security token obtained during authentication.

  • Content-Type

  • True

  • Use application/json as the value of this header.

Request body

The request body is a JSON object with the following data structure:

{
    "directoryObject": "<objectId>",
    "password": "<newPassword>",
    "options": {
        "cannotChangePassword": <true|false|null>,
        "mustChangePassword": <true|false|null>,
        "passwordNeverExpires": <true|false|null>
    },
    "unlockAccount": <true|false>

}

directoryObject string
The identifier of the user account whose password to reset. A user account can be identified by:

 Distinguished name (DN) {.black}
# Example
CN=John Smith,CN=Users,DC=example,DC=com
 Globally unique identifier (GUID) {.black}
# Example
7a4267ce-d354-44e7-8bd6-c681f1284a41
 Security identifier (SID) {.black}
# Example
S-1-5-21-3635565734-1729062999-1822655016-1627

password string
New password value.


options, optional
Specifies whether to change any account options after resetting the password.

 Show attributes {.black}

options.cannotChangePassword bool
Specify true or false to set or clear the User cannot change password flag, or specify null to avoid changing the current value.


options.mustChangePassword bool
Specify true or false to set or clear the User must change password at next logon flag, or specify null to avoid changing the current value.


options.passwordNeverExpires bool
Specify true or false to set or clear the Password never expires flag, or specify null to avoid changing the current value.


unlockAccount bool, optional
Specify true to unlock the account after resetting the password.


Responses

If successful, returns 200 OK status code and an operation result in the response body. Otherwise, returns one of the common HTTP error codes and an error description in the response body.

Examples

 Example 1: Reset user's password and unlock account

The following code sample resets the password of a user account and unlocks their account if it is locked.

Request

PowerShell
$userIdentifier = "CN=John Smith,CN=Users,DC=example,DC=com"

$baseUrl = "https://host.example.com/restApi"
$endpoint = "/api/directoryObjects/resetPassword"
$requestUrl = $baseUrl + $endpoint
$requestHeaders = @{"Adm-Authorization" = "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD"}
$requestBody = ConvertTo-Json @{
    "directoryObject" = $userIdentifier;
    "password" = "MyNewPassword";
    "unlockAccount" = $True
} 

# Make request
Invoke-RestMethod -Method POST -Headers $requestHeaders -Uri $requestUrl `
    -Body $requestBody -ContentType "application/json"
C#
using System;
using System.Text;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {   
        const string baseUrl = "https://host.example.com/restApi";
        const string endpoint = "/api/directoryObjects/resetPassword";
        const string token = "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD";
        
        // Create JSON request body
        string jsonRequest = @"
        {
            'directoryObject': 'CN=John Smith,CN=Users,DC=example,DC=com',
            'password': 'MyNewPassword',
            'unlockAccount': true
        }";
        StringContent requestBody = new StringContent(
            jsonRequest, Encoding.UTF8, "application/json");

        // Initialize HTTP client
        using (HttpClient client = new HttpClient())
        {
            client.DefaultRequestHeaders.Add("Adm-Authorization", token);

            // Make request
            HttpResponseMessage response = await client.PostAsync(
                baseUrl + endpoint, requestBody);
            string responseBody = response.Content.ReadAsStringAsync().Result;
            Console.WriteLine(responseBody);
        }
    }
}
cURL
curl  --header 'Adm-Authorization: HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD' \
--header 'Content-Type: application/json' \
--request POST 'https://host.example.com/restApi/api/directoryObjects/resetPassword' \
--data-raw '{
    "directoryObject": "CN=John Smith,CN=Users,DC=example,DC=com",
    "password": "MyNewPassword",
    "unlockAccount": true
}'
node.js
var https = require('https');

// Request parameters and headers
var options = {
    'method': 'POST',
    'hostname': 'host.example.com',
    'path': '/restapi/api/directoryObjects/resetPassword',
    'headers': {
        'Adm-Authorization': 'HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD',
        'Content-Type': 'application/json'
    }
};

// Create JSON request body
var postData = `
{
    "directoryObject": "CN=John Smith,CN=Users,DC=example,DC=com",
    "password": "MyNewPassword",
    "unlockAccount": true
}`;

// Make request
var req = https.request(options, function (res) {
    var chunks = [];

    res.on("data", function (chunk) {
        chunks.push(chunk);
    });

    res.on("end", function (chunk) {
        var body = Buffer.concat(chunks);
        console.log(body.toString());
    });

    res.on("error", function (error) {
        console.error(error);
    });
});

req.write(postData);

req.end();

Response

HTTP Status code: 200 OK
Response body:

{
    "resultType": 0,
    "innerMessages": [],
    "exception": null,
    "actualObjectDN": "CN=John Smith,CN=Users,DC=example,DC=com",
    "extraInfo": {}
}
 Example 2: Reset user's password and force to change it at next logon

The following code sample resets the password of a user account and sets the User must change password at next logon flag.

Request

PowerShell
$userIdentifier = "CN=John Smith,CN=Users,DC=example,DC=com"

$baseUrl = "https://host.example.com/restApi"
$endpoint = "/api/directoryObjects/resetPassword"
$requestUrl = $baseUrl + $endpoint
$requestHeaders = @{"Adm-Authorization" = "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD"}
$requestBody = ConvertTo-Json @{
    "directoryObject" = $userIdentifier;
    "password" = "MyNewPassword";
    "options" = @{
       "mustChangePassword" = $True 
    }
} 

# Make request
Invoke-RestMethod -Method POST -Headers $requestHeaders -Uri $requestUrl `
    -Body $requestBody -ContentType "application/json"
C#
using System;
using System.Text;
using System.Net.Http;
using System.Threading.Tasks;

class Program
{
    static async Task Main()
    {   
        const string baseUrl = "https://host.example.com/restApi";
        const string endpoint = "/api/directoryObjects/resetPassword";
        const string token = "HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD";
        
        // Create JSON request body
        string jsonRequest = @"
        {
            'directoryObject': 'CN=John Smith,CN=Users,DC=example,DC=com',
            'password': 'MyNewPassword',
            'options': {
                'mustChangePassword': true
            }
        }";
        StringContent requestBody = new StringContent(
            jsonRequest, Encoding.UTF8, "application/json");

        // Initialize HTTP client
        using (HttpClient client = new HttpClient())
        {
            client.DefaultRequestHeaders.Add("Adm-Authorization", token);

            // Make request
            HttpResponseMessage response = await client.PostAsync(
                baseUrl + endpoint, requestBody);
            string responseBody = response.Content.ReadAsStringAsync().Result;
            Console.WriteLine(responseBody);
        }
    }
}
cURL
curl  --header 'Adm-Authorization: HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD' \
--header 'Content-Type: application/json' \
--request POST 'https://host.example.com/restApi/api/directoryObjects/resetPassword' \
--data-raw '{
    "directoryObject": "CN=John Smith,CN=Users,DC=example,DC=com",
    "password": "MyNewPassword",
    "options": {
        "mustChangePassword": true
    }
}'
node.js
var https = require('https');

// Request parameters and headers
var options = {
    'method': 'POST',
    'hostname': 'host.example.com',
    'path': '/restapi/api/directoryObjects/resetPassword',
    'headers': {
        'Adm-Authorization': 'HxtdAPz73OFfae7....w7lQvxjJHIbVqgkCtPtLD',
        'Content-Type': 'application/json'
    }
};

// Create JSON request body
var postData = `
{
    "directoryObject": "CN=John Smith,CN=Users,DC=example,DC=com",
    "password": "MyNewPassword",
    "options": {
        "mustChangePassword": true
    }
}`;

// Make request
var req = https.request(options, function (res) {
    var chunks = [];

    res.on("data", function (chunk) {
        chunks.push(chunk);
    });

    res.on("end", function (chunk) {
        var body = Buffer.concat(chunks);
        console.log(body.toString());
    });

    res.on("error", function (error) {
        console.error(error);
    });
});

req.write(postData);

req.end();

Response

HTTP Status code: 200 OK
Response body:

{
    "resultType": 0,
    "innerMessages": [],
    "exception": null,
    "actualObjectDN": "CN=John Smith,CN=Users,DC=example,DC=com",
    "extraInfo": {}
}

See also