Resetting Passwords

Standard reset (single approval)

  1. Open the Users page and find the account.
  2. Click the account row to select it.
  3. In the action panel, disengage the safety lock.
  4. Click Reset password.
  5. In the dialog:
    • Enter the new password in both fields, or click Generate to create a random strong password.
    • Check Must change password at next logon if you want the user to set their own password on first login (recommended).
  6. Click Reset.

DirWarden sets the password in Active Directory and records the operation in the audit log. The user can log in with the new password immediately.

Dual-approval reset

When an Administrator has configured an approval threshold (e.g. “require approval for password resets”), the flow adds a second confirmation step:

  1. Complete steps 1–6 above. Instead of applying immediately, DirWarden opens a Pending approval dialog.
  2. A second person with the Operator or Administrator role must open Settings → Pending approvals, find the request, and click Approve.
  3. Once approved, DirWarden applies the reset and logs both the request and the approval with separate audit entries.

If no one approves within the configured timeout (default: 30 minutes), the request expires and must be re-submitted.
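
The rules of the dual-approval flow can be read as a small state machine. The sketch below is an added illustration, not DirWarden code: the class and function names are hypothetical, and rejecting an approval from the same account that submitted the request is an assumption drawn from the "second person" wording above.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

APPROVER_ROLES = {"Operator", "Administrator"}  # roles named on this page
TIMEOUT = timedelta(minutes=30)                 # documented default timeout


@dataclass
class ResetRequest:
    target: str
    requester: str
    created: datetime
    state: str = "pending"  # pending -> approved | expired


@dataclass
class ApprovalQueue:
    audit: list = field(default_factory=list)  # stand-in for the audit log

    def submit(self, target, requester, now):
        """Record the request; nothing is applied to the directory yet."""
        self.audit.append(("request", requester, target, now))
        return ResetRequest(target, requester, now)

    def approve(self, req, approver, role, now):
        """Return True only when the reset may be applied."""
        if req.state != "pending":
            return False                 # already approved or expired
        if now - req.created > TIMEOUT:
            req.state = "expired"        # must be re-submitted
            return False
        if role not in APPROVER_ROLES:
            return False
        if approver == req.requester:
            return False                 # assumption: no self-approval
        req.state = "approved"
        self.audit.append(("approval", approver, req.target, now))
        return True


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)      # constructed sample data
    queue = ApprovalQueue()
    req = queue.submit("jdoe", "alice", t0)
    print(queue.approve(req, "alice", "Administrator", t0))              # self-approval
    print(queue.approve(req, "bob", "Operator", t0 + timedelta(minutes=5)))
    print([entry[0] for entry in queue.audit])
```

A second approval of the same request returns False, so the reset is applied once and the audit trail holds exactly one request entry and one approval entry.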

Reset options

| Option | Effect |
|---|---|
| Must change at next logon | User is forced to set a new password at their next login. The temporary password you set is one-time use only. |
| Generate password | Creates a random password meeting the domain password policy (length, complexity). |
| Manual password | You enter a password. DirWarden validates it against the domain policy before submitting. |

If the reset fails

| Error | Cause |
|---|---|
| “Password does not meet complexity requirements” | The password you entered does not satisfy the domain password policy. Use Generate or choose a stronger password. |
| “Access denied” | The AD service account does not have Reset Password permission on the target OU. Ask your Administrator to delegate the right. |
| “Account not found” | The account was deleted or moved since the user list was last loaded. Refresh the list with F5. |