Script repository

Reset user password in resource domain

Updated on: Jan 18, 2026

User accounts

The script resets the password of an account that corresponds to the target user in the resource domain. To execute the script, create a business rule triggering After changing password of a user or After resetting password of a user.

For the script to work, the accounts must have the same username (sAMAccountName) or Full Name (cn).

In the script, the $domainDN variable specifies the distinguished name (DN) of the resource domain. For information on how to get the DN, see Get the DN of a directory object.

$domainDN = "DC=domain,DC=com" # TODO: modify me

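# Search parameters: bind to the resource domain and match the account
# by username (sAMAccountName) or full name (cn)
$searcher = $Context.BindToObjectByDN($domainDN)
$searcher.Criteria = New-AdmCriteria "user" -Expression {(sAMAccountName -eq "%username%") -or (cn -eq "%fullname%")}
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
# Fetch at most two results: enough to detect an ambiguous match
$searcher.SizeLimit = 2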

try
{    
    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    
    if ($searchResults.Length -eq 0)
    {
        $Context.LogMessage("Cannot reset password of the user account in the secondary domain because the user doesn't have an account in the secondary domain.", "Warning")
        return
    }
    elseif ($searchResults.Length -gt 1)
    {
        $Context.LogMessage("Found more than one account for the user in the secondary domain", "Warning")
        return
    }
    
    # Set the password
    $user = $Context.BindToObject($searchResults[0].AdsPath)
    $user.SetPassword("%unicodePwd%")
}
finally
{
    # Release resources (the iterator is null if ExecuteSearch failed)
    if ($searchResultIterator)
    {
        $searchResultIterator.Dispose()
    }
}
