Grant Rights to Reset Passwords and Unlock Accounts


To reset passwords and unlock user accounts in Active Directory, users must have the following permissions:

  • Reset Password
  • Write Lockout-Time Property

In this tutorial, you will learn how to add the permissions to an existing Security Role.


  1. Launch Adaxes Administration Console.
    Expand Adaxes service \ Configuration \ Security Roles and select the Security Role you want to modify.


  2. In the Permissions section located to the right, click Add.

  3. In the Add Permissions dialog, do the following:

    • Select User in the list of object types on the left.
    • In the General permissions list, check the Reset Password permission in the Allow column.
    • In the Property-specific permissions list, check the Write Lockout-Time permission in the Allow column.

    • Click OK.
  4. Click Save changes.

Account Options

If the Reset Password operation is configured in such a way that users can change only the User must change password at next logon option, the Reset Password permission is enough and no additional rights are required.


However, if you want users to be able to change the User cannot change password and Password never expires options as well, you need to grant them additional rights.


For details, see Grant Rights to Modify Account Options.


Open tutorial filtering

Got questions?
Support Forum