Set-ADAccountPassword throws The operation failed because of a bad parameter when DN contains * character

Question

_{Thursday, August 25, 2016 8:30 PM}

I got following error when change password operation performed through powershell. DN name contains * character. How can i change password for testuser. Is there any alternate way to encode DN name. 

PS C:\Users\Administrator> Set-ADAccountPassword -Identity testuser
Please enter the current password for 'CN=testuser,OU=test*userOU,DC=test1,DC=com'
Password: ********
Please enter the desired password for 'CN=testuser,OU=test*userOU,DC=test1,DC=com'
Password: ***********
Repeat Password: ***********
Set-ADAccountPassword : The operation failed because of a bad parameter.
At line:1 char:1

• Set-ADAccountPassword -Identity testuser

    + CategoryInfo          : InvalidData: (testuser:ADAccount) [Set-ADAccountPassword], ADPasswordException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.SetADAccountPasswo
   rd

I already tried 

$User = [ADSI]"CN=testuser,OU=test*userOU,DC=test1,DC=com"

$dn = $User.distinguishName

Got same error

I already tried

-encodedCommand . got Same error

All replies (3)

_{Friday, August 26, 2016 3:55 AM ✅Answered}

It is accepting when i removed * from test*userOU name. like testuserOU. Then it is working as excepted.

_{Thursday, August 25, 2016 8:37 PM}

The password is no valid for the account.  Use a valid password.

\(ツ)_/

_{Friday, August 26, 2016 9:26 AM}

Hi,

You could also do like this:

Set-ADAccountPassword 'CN=Jeremy Los,OU=Accounts,DC=Fabrikam,DC=com' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "p@ssw0rd" -Force)

Best regards,

Andy_Pan

Please remember to mark the replies as an answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected].