Change AD User Password activity

The Change AD User Password activity changes the password for an Active Directory user account.

This activity requires the user's current password to run, unlike the Reset AD User Password activity. If the new password violates any Active Directory password requirements, such as length or character combinations, the activity fails and returns the appropriate error message. This error message appears in the ECC queue and in hint text when a user points to the activity in the workflow editor.

To access this activity in the workflow editor, select the Custom tab, and then navigate to Custom Activities > Active Directory.
Note: This activity replaces an AD activity by the same name available in prior releases. If you have a workflow that uses the deprecated activity, your workflow will continue to work normally after upgrading to Istanbul. However, all new workflows must use the custom version of this activity, which was built with the PowerShell activity designer.

Input variables

Table 1. Change AD User Password input variables
Variable          Description
DomainController  IP address of the domain controller machine.
User              The sAMAccountName of the Active Directory user account.
New_password      The new password to assign this user.
Old_password      The user's current password.

Output variables

Table 2. Change AD User Password output variables
Variable      Description
result        One of the following outcomes:
                • failure
                • success
                • Policy Failure
                • Incorrect old password
errorMessage  The executionResult.errorMessages from the Activity designer parsing sources.
hresult       PowerShell command result.


The activity provides the following conditions:
Table 3. Change AD User Password conditions
Condition               Description
Success                 Password successfully reset.
Policy Failure          Password does not comply with the organization's Active Directory requirements.
Incorrect old password  Password being changed was not entered correctly.
Failure                 An error occurred while attempting to change the password. Additional details may be available in the workflow log.
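
The following PowerShell sketch shows how a password change that requires the current password can be mapped onto the result values and conditions listed above. It is an added example, not the activity's own source code: the function name Invoke-ChangeAdUserPassword, the optional Credential parameter, the mapping of exception types to results, and the sample IP address and account name are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added illustration, not the ServiceNow activity's source. Parameter names mirror
# the activity inputs; the function name and result mapping are assumptions.
function Invoke-ChangeAdUserPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $DomainController,
        [Parameter(Mandatory)] [string]       $User,          # sAMAccountName
        [Parameter(Mandatory)] [securestring] $Old_password,  # never plain text
        [Parameter(Mandatory)] [securestring] $New_password,
        [pscredential] $Credential  # e.g. the Windows type credential record
    )
    # Output shape follows the activity's output variables.
    $out = [ordered]@{ result = 'failure'; errorMessage = $null; hresult = 0 }
    $adArgs = @{
        Identity    = $User
        Server      = $DomainController
        OldPassword = $Old_password   # a change, not an administrative reset
        NewPassword = $New_password
        ErrorAction = 'Stop'          # turn AD errors into catchable exceptions
    }
    if ($Credential) { $adArgs.Credential = $Credential }
    try {
        Set-ADAccountPassword @adArgs
        $out.result = 'success'
    }
    catch {
        $ex = $_.Exception
        $out.hresult      = $ex.HResult
        $out.errorMessage = $ex.Message   # the message text contains no password
        # Assumed mapping from ActiveDirectory module exception types to results.
        switch ($ex.GetType().Name) {
            'ADPasswordComplexityException' { $out.result = 'Policy Failure' }
            'ADInvalidPasswordException'    { $out.result = 'Incorrect old password' }
            default                         { $out.result = 'failure' }
        }
    }
    [pscustomobject]$out
}

# Usage with constructed values. Read-Host -AsSecureString keeps both passwords
# out of command history and transcripts.
$old = Read-Host -Prompt 'Current password' -AsSecureString
$new = Read-Host -Prompt 'New password' -AsSecureString
Invoke-ChangeAdUserPassword -DomainController '192.0.2.10' -User 'jdoe' `
    -Old_password $old -New_password $new
```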

Active Directory credentials with LDAP

If you are using an LDAP Server with MID Servers, note that Orchestration and Active Directory activities do not use the user name and password configured on LDAP Servers. You must create a Windows type orchestration credential record. The username and password in the credentials record are used for LDAP queries that Orchestration and workflow activities perform.