Configure Password Reset for Active Directory When the Orchestration Add-on plugin is activated, the Password Reset application can change passwords on an Active Directory credential store. The application changes passwords by referencing an Active Directory user role with the appropriate password change privileges. Before you begin Active Directory must have a user role with the following privileges: Descendent User objects: Reset password Read/Write pwdlastset Read/Write UserAccountcontrol Write Account Restrictions Read/Write lockouttime Read MemberOf Descendent Group objects: Read Members Read MemberOf Procedure Install MID Server on a Windows computer that can connect to Active Directory. Configure the MID Server. In the ServiceNow instance, navigate to Orchestration > Credentials. Click New and then complete the form with the following values for the credential. Type: Select Windows. User name: Enter your Active Directory domain user. For example, domain\admin. Password: Enter your Active Directory domain user password. Applies to: Select the MID Server that is used to access the Active Directory server. Click Submit. Create a credential store for Active Directory.