MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Exchange 2016: Reset Password from EAC

If you ever wonder how to reset password from EAC then this blog will help you. It is a simplest thing which you can do from ADUC as well.

One of my customer wanted to enable this in the EAC so I did and sharing the step with the world in case you need to do in your infrastructure.

EAC does not show you the password reset option by default when you open the recipient properties.


We need to run through the following steps to enable the reset password option:

-Login to Exchange 2016 server and open Exchange management shell.

-Now run the following 3 commands one at a time.

    Add-pssnapin microsoft*

    Install-CannedRbacRoles

    Install-CannedRbacRoleAssignments


If you will not run these commands and go to the EAC to add permissions, then you will see this error and permissions will not be added.


-Login to EAC and go to permissions.

-Select the Admin role which you would like to assign reset password role permission. Then click on edit


-Click the +sign on the Roles. Select Reset Password and click add then ok & save. This should save the permissions.


-Now log out of EAC.

-Reopen the EAC and you should see this option in any recipient properties.


That’s it for this blog.

 

Prabhat Nigam

Microsoft MVP | CTO @ Golden Five

Team@MSExchangeGuru


8 Responses to “Exchange 2016: Reset Password from EAC”

  1. Aravind Says:

    Hi Prabhat,

    Nice article,thanks for sharing.

    Will it Work for Exchange 2013 as well.

    Regards,
    Aravind M

  2. Prabhat Nigam Says:

    Yes, it should.

  3. Rohit Bhasin Says:

    Yes it work for 2013 successfully.

  4. Vinayak Says:

    Hi Prabhat,

    I want to give our “IT Helpdesk” the rights to reset user password through EAC in Exchange 2013 for a Particular OU in Active Directory. How to do it? If I add “IT Helpdesk” AD login to “members” in “Organisation Management” then won’t Helpdesk also have other rights on the Exchange organization. Thanks in advance for your help.

  5. Prabhat Nigam Says:

    They should use ADUC and you should use delegation wizard in ADUC.

  6. Vinayak Says:

    Hi Prabhat,

    Thanks for your response. We want to give “reset password” feature through EAC only. I followed below given steps:

    1. Run 3 command mentioned in your article
    2. Under “Admin roles”, I created a New role group with following details :
    New Role Group Name : PasswordResetHelpdesk
    Write scope : OU : SalesUsers
    Roles : Reset Password
    Members : IT Helpdesk
    3. I open ADUC and delegate “password reset” permission on “SalesUsers” OU to the user “IT Helpdesk”

    4. Now I login to EAC using login “IT Helpdesk”. I try to reset the password of a user named “John” who is part of “SalesUsers” OU. When I put it in the new password and click “Save” button then I get the below error message :

    Recipient “xxx.com/John” couldn’t be read from domain controller “yyy.xxx.com”. This may be due to replication delays. Switching out of Forest mode should allow this operation to complete successfully.

    Do I need to add some other role in the above mentioned role group “PasswordResetHelpdesk” in EAC?

    Note : If I login to ADUC using “IT Helpdesk” login and try to reset the password of a user in “SalesUsers” OU then I am able to reset the password but when I use EAC console to reset the password then I get the above mentioned message.

    Thanks again in advance for your help.

  7. Eric Niemiec Says:

    Is there a way to see a list of non-mailboxes users in order to be able to reset their passwords? Seems like they would have a backdoor for something like this in Exchange.

    Thanks.

  8. Prabhat Nigam Says:

    you should use dsa.msc for it.

Leave a Reply

Categories

Archives

MSExchangeGuru.com