Purpose of Knowledge Article:
Allow user to reset expired or forgotten Windows Active Directory Password (AD password).
Resolution:
Update/reset AD Password
Best Practice For Windows System User to change AD Password
You first must check if your computer is domain-joined or standalone as this will determine the best method you will use to update your AD password.
If your computer is domain-joined, start on step 2 and continue to step 3 only, if step 2 fails.
If your computer is standalone, start on step 3.
Use Windows built-in password change feature. You must be able login to your Windows Computer:
Requirements:
Steps: - Able to login to your Windows computer
- If you are not connected to the lab network with an ethernet cable or the lbnl-employee WiFi, you must connect to the lab VPN first- Login to the computer with your AD credential
- Click ctrl+alt+del on the keyboard and select Change a Password
- Type in your current AD password and pick your new AD password
- ONLY use AD Management tool if step 1 does not work, AD password expired, forgotten or your Windows computer is a standalone
Follow the instruction Reset AD Password below
Reset AD password
1 Go to https://adaccounts.identity.lbl.gov and login using your Berkeley Lab Identity credential Note: Using Google Chrome in Incognito is recommended 
2 Under the Password Expires column, click on Set for the account that you want to reset the password for 
3 Create a password that meets the requirement. Make sure to type the same password again in the Repeat password field 
4 Click Set Password 
5 You will get a message saying "Your account password has been set" 
Best Practice for Mac User to change AD Password
If you only use a mac computer, use AD Management tool and follow the Reset AD Password section above
- If you use a secondary Windows computer or have a Windows VM on your mac, follow instruction under Best Practice For Windows System User
Activate AD Account
To activate AD account, see Activate AD Account below
Activate AD Account
1 Go to https://adaccounts.identity.lbl.gov and login using your Berkeley Lab Identity credential Note: Using Google Chrome in Incognito is recommended 
2 Under the Status column, next to the word Inactive, click on the blue Activate link for the account you want to activate 
3 Create a password that meets the requirement. Make sure to type the same password again in the Repeat password field
Do not include your name or username in the password. It will give you an error.
4 Click on Activate 
5 You will get a message saying "Your account has been activated" 
Create AD Account
To create AD Service account, see Create AD Service Account below
Create a new AD service account
Most LBL staff have an AD service account that was created when they were hired. This tool is only used to request additional accounts under limited conditions. If you don't know if you need it, you probably don't.
1 Go to https://adaccounts.identity.lbl.gov and login using your Berkeley Lab Identity credential. Once logged in, click on "Add a new account" on the bottom left of the page Note: Using Google Chrome in Incognito is recommended 
2 Select the type of AD account you are creating
Go here to understand each account type
3 Type in the username you want to use 
4 Enter the two sponsor for the AD account, one in each field. You can search for the sponsor by using their name or username
Add the sponsor by typing the first name, last name or username.
5 Create a new password that meets the requirement. Make sure to type the same password again in the Repeat password field 
6 Click Create 
7 You will get a message on the top saying "Your account "username" was created" 
For some AD account types, you will need to wait for OU Admin to assign the correct permissions and move the account to the correct OU before the account becomes accessible. Email your OU Admin and provide them your LBL AD account and the account you just created so they can help process the request. If you do not know who your OU admin is, email help@lbl.gov with your LBL AD account and the account you just created.
