> For the complete documentation index, see [llms.txt](https://enterprise.hideez.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://enterprise.hideez.com/hideez-server-integration/active-directory-on-premises/import-and-sync-users-from-active-directory-on-premises/administrator-initiated-manual-password-changes.md).

# Administrator-Initiated Manual Password Changes

### Overview

This guide describes how administrators can manually change or generate a new password for a domain user in Hideez Enterprise Server.

Manual password management is required when automatic password updates are not configured, or when immediate, one-time intervention is needed.

### Prerequisites

Before manually changing a user's password, ensure the following conditions are met:

1. You are logged in as a user with administrator rights in Hideez Enterprise Server.
2. [Integration with Active Directory is properly configured in Hideez Enterprise Server.](/hideez-server-integration/active-directory-on-premises.md)
3. The user must have a Hideez Key with one of the following statuses: [`"Ready"`](/hideez-enterprise-server/keys-management/keys-statuses.md#ready), [`"Active"`](/hideez-enterprise-server/keys-management/keys-statuses.md#active), or [`"Reserved"`](/hideez-enterprise-server/keys-management/keys-statuses.md#reserved).
4. [The workstation is joined to the Active Directory domain.](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/join-a-computer-to-a-domain)
5. [The Hideez Client is installed on the user’s workstation.](https://enterprise.hideez.com/hideez-client-app/windows-deployment/set-up-hideez-client-app)
6. [The workstation is approved in the Hideez Enterprise Server (see the *Workstations* section).](https://enterprise.hideez.com/hideez-enterprise-server/workstations/how-to-add-and-approve-workstations)

### Use Case: Resetting a Forgotten Password for a Domain User

An employee contacts IT support after being locked out of their domain account due to a forgotten password.\
The administrator needs to manually reset the password in Hideez Enterprise Server to restore access.

### Flow:

* The administrator opens the **Employees** section, finds the user, and clicks **Edit Password**.
* A temporary password is manually set or a new strong random password is generated.
* The new password is updated in the user's Active Directory account.
* When the Hideez Key is connected to the workstation, the new password is securely written to the key.
* The user logs in using the Hideez Key and can change their domain password through the Hideez Client interface.

{% hint style="info" %}
**Important:**\
After changing the password manually, neither the user nor the administrator will be able to view or retrieve the new password.
{% endhint %}

### Steps for Manual Password Change

**Step 1: Open the user profile**

* Navigate to the **Employees** section in Hideez Enterprise Server.
* Select the target user and click **Edit Password**.

<figure><img src="/files/xa5trkQ0lUunSrDnYis2" alt="" width="563"><figcaption></figcaption></figure>

**Step 2: Edit the account password**

Click **Edit password**, type the new password, confirm it, and then click **Save**.

<figure><img src="/files/KVDFpFIC8u4hUGGuvep4" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
**Additional Notes**

* The new password must not match any previously used passwords for the account.
* Your domain's password policy must allow password changes at the time of the operation (e.g., minimum password age policies may block immediate changes).
* In hybrid infrastructures, the password is updated both in on-premises Active Directory and Azure Active Directory (if synchronization is configured).
  {% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://enterprise.hideez.com/hideez-server-integration/active-directory-on-premises/import-and-sync-users-from-active-directory-on-premises/administrator-initiated-manual-password-changes.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.