Page tree
Viewable by the world
Skip to end of metadata
Go to start of metadata

Purpose of Knowledge Article:

To guide users to reset expired or forgotten Windows Active Directory Password (AD password).

If you are looking for help with Local User Account on Windows 10. See Local User Account on Windows 10.

Resolution:


Update/reset AD Password

Best Practice For Windows System User to Change AD Password  

  1. You first must check if your computer is domain-joined or standalone. This will determine the best method you will use to update your AD password.

    Check if a Windows System is Domain-joined or Standalone
    1Right-click on the Start Menu button

    2Select System
    3

    On the About page, under the Device Specifications. Look at the Full device name line and if you see:

      1. YourComputerName.lbl.gov - this means your computer is domain-joined

        OR

      2. YourComputerName - this means your computer is standalone

    a.


    b.

    If your computer is domain-joined, start on Step 2. Continue to Step 3 only if Step 2 fails.

    If your computer is standalone, start on Step 3.
      

  2. Use Windows built-in password change feature. You must be able to log in to your Windows Computer:

    Requirements:

    Steps:
    • Able to log in to your Windows computer.
    • If you are not connected to the lab network with an ethernet cable or the lbnl-employee WiFi, you must connect to the Lab VPN first.
    1. Log in to the computer with your AD credential
    2. Click ctrl+alt+del on the keyboard and select Change a Password
    3. Type in your current AD password and pick your new AD password

    space

  3. Use https://password.lbl.gov/ and select "I would like to change my Windows Active Directory (AD) password".
    • You must know your current AD password.

  4. ONLY use the AD Management tool if the above steps do not work, the AD password is expired, forgotten or your Windows computer is standalone.
    • Follow the instruction Reset AD Password below and connect to the Lab VPN before starting if you are not on lbnl-employee WiFi or hard-wired to the lab network.

      Reset AD password

      1Go to https://adaccounts.identity.lbl.gov and log in using your Berkeley Lab Identity credential Note: Using Google Chrome in Incognito is recommended

      2Under the Password Expires column, click on Set for the account that you want to reset the password for

      3Create a password that meets the requirement. Make sure to type the same password again in the Repeat password field

      4Click Set Password

      5You will get a message saying "Your account password has been set"


Best Practice for Mac User to change AD Password



Activate AD Account

  • To activate AD account, see Activate AD Account below

    Activate AD Account


    1Go to https://adaccounts.identity.lbl.gov and log in using your Berkeley Lab Identity credential Note: Using Google Chrome in Incognito is recommended

    2Under the Status column, next to the word Inactive, click on the blue Activate link for the account you want to activate

    3

    Create a password that meets the requirement. Make sure to type the same password again in the Repeat password field

    Do not include your name or username in the password. It will give you an error.

    4Click on Activate

    5You will get a message saying "Your account has been activated"


Create AD Service Account

  • Most LBL staff have an AD service account that was created when they were hired. This tool is only used to request additional accounts under limited conditions.
  • If you don't know if you need it, you probably don't.
  • To create an AD Service account, see Create AD Service Account below

    Create a new AD service account


    • Most LBL staff have an AD service account that was created when they were hired. This tool is only used to request additional accounts under limited conditions.
    • If you don't know if you need it, you probably don't.
    1Go to https://adaccounts.identity.lbl.gov and log in using your Berkeley Lab Identity credential. Once logged in, click on "Add a new account" on the bottom left of the page Note: Using Google Chrome in Incognito is recommended

    2

    Select the type of AD account you are creating

    Go here to understand each account type

    3Type in the username you want to use

    4

    Enter the two sponsors for the AD account, one in each field. You can search for the sponsor by using their name or username

    Add the sponsor by typing the first name, last name, or username.

    5Create a new password that meets the requirement. Make sure to type the same password again in the Repeat password field

    6Click Create

    7You will get a message on the top saying "Your account "username" was created"

    For some AD account types, you will need to wait for OU Admin to assign the correct permissions and move the account to the correct OU before the account becomes accessible. Email your OU Admin and provide them with your LBNL AD account and the account you just created so they can help process the request. If you do not know who your OU admin is, email [email protected] with your LBL AD account and the account you just created.