# Administrator-Initiated Manual Password Changes

### Overview

This guide describes how administrators can manually change or generate a new password for a domain user in Hideez Enterprise Server.

Manual password management is required when automatic password updates are not configured, or when immediate, one-time intervention is needed.

### Prerequisites

Before manually changing a user's password, ensure the following conditions are met:

1. You are logged in as a user with administrator rights in Hideez Enterprise Server.
2. [Integration with Active Directory is properly configured in Hideez Enterprise Server.](https://enterprise.hideez.com/hideez-server-integration/active-directory-on-premises)
3. The user must have a Hideez Key with one of the following statuses: [`"Ready"`](https://enterprise.hideez.com/hideez-enterprise-server/keys-management/keys-statuses#ready), [`"Active"`](https://enterprise.hideez.com/hideez-enterprise-server/keys-management/keys-statuses#active), or [`"Reserved"`](https://enterprise.hideez.com/hideez-enterprise-server/keys-management/keys-statuses#reserved).
4. [The workstation is joined to the Active Directory domain.](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/join-a-computer-to-a-domain)
5. [The Hideez Client is installed on the user’s workstation.](https://enterprise.hideez.com/hideez-client-app/windows-deployment/set-up-hideez-client-app)
6. [The workstation is approved in the Hideez Enterprise Server (see the *Workstations* section).](https://enterprise.hideez.com/hideez-enterprise-server/workstations/how-to-add-and-approve-workstations)

### Use Case: Resetting a Forgotten Password for a Domain User

An employee contacts IT support after being locked out of their domain account due to a forgotten password.\
The administrator needs to manually reset the password in Hideez Enterprise Server to restore access.

### Flow:

* The administrator opens the **Employees** section, finds the user, and clicks **Edit Password**.
* A temporary password is manually set or a new strong random password is generated.
* The new password is updated in the user's Active Directory account.
* When the Hideez Key is connected to the workstation, the new password is securely written to the key.
* The user logs in using the Hideez Key and can change their domain password through the Hideez Client interface.

{% hint style="info" %}
**Important:**\
After changing the password manually, neither the user nor the administrator will be able to view or retrieve the new password.
{% endhint %}

### Steps for Manual Password Change

**Step 1: Open the user profile**

* Navigate to the **Employees** section in Hideez Enterprise Server.
* Select the target user and click **Edit Password**.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FVaNw1UErjafTSY1r6ReU%2Fimage.png?alt=media&#x26;token=7ec47f12-f3ab-4fcd-862c-ccfdebe61af0" alt="" width="563"><figcaption></figcaption></figure>

**Step 2: Edit the account password**

Click **Edit password**, type the new password, confirm it, and then click **Save**.

<figure><img src="https://1669663611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FRdTysrljwe610dPFG7tE%2Fuploads%2FIYwicEGURKNdNk4Xd96A%2Fimage.png?alt=media&#x26;token=4fc221ab-ef7b-4b49-a7b5-a38df3d42465" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
**Additional Notes**

* The new password must not match any previously used passwords for the account.
* Your domain's password policy must allow password changes at the time of the operation (e.g., minimum password age policies may block immediate changes).
* In hybrid infrastructures, the password is updated both in on-premises Active Directory and Azure Active Directory (if synchronization is configured).
  {% endhint %}