Reset AD User Password -Action

Sravani36
Tera Expert

Hi, we are using the Reset AD User Password action in the flow. Whenever this flow is executed, it shows a success status without any error message, but when the user tries to log in with the new password, he gets a wrong-password error.

[Screenshot: Sravani36_0-1668752913389.png]


Nandhu1704
Tera Contributor

Hi, I'm facing the same issue. Have you fixed this? If yes, could you please say how you have fixed it? 

@Nandhu1704: Were you able to fix this? Can you please let me know also?

AJ-TechTrek
Giga Sage

Hi @Sravani36,

This usually happens when:
1. The password change is submitted to AD but silently fails (e.g., due to policy).
2. AD accepts the password change but the password doesn’t meet domain password policy.
3. The AD account might still be locked, disabled, or expired.
4. Replication delay between domain controllers.
5. The ServiceNow MID server or account used for reset has insufficient permissions.

 

Solution / troubleshooting:

1. Verify the password policy
* Check domain password policy (e.g., complexity, history, length).
* Confirm that Qwertyasdf123# actually meets the domain policy.
* Test resetting the password manually in Active Directory Users & Computers with the same password.

 

2. Enable “Do not treat as error” properly
Your screenshot shows:
Don't Treat as Error: true
Set it to false temporarily.
This forces the action to fail the flow if the AD reset really failed, and gives a real error message instead of silently marking it as "success".

 

3. Capture detailed logs
* In the flow, add a Log action immediately after the password reset step:
  * Log the output variables: Action Status, Error Message, etc.
* Check if the returned Action Status JSON actually contains a hidden error (e.g., {code:1, message:"Some error"}).

 

4. Check MID server and integration account permissions
* Confirm the integration account used in the AD connector has:
  * Reset password permission.
  * Write permissions on the user object.
* Check if the user object has specific delegation restrictions.

 

5. Check account state before and after reset
* Make sure the user account is:
  * Enabled
  * Not locked
  * Not expired

 

6. Check AD replication
* Confirm the password is actually being written to the correct domain controller.
* Test if the user can log in to the same DC where the password was changed.

 

7. Use a test user
* Create a test AD account.
* Reset the password using the flow and try to log in immediately.

 

My suggestions as additional recommendations:
* After password reset, consider adding these steps in the flow:
  * Unlock the user account.
  * Force password change at next login (optional).

 

Please appreciate the efforts of community contributors by marking the appropriate response with Mark my Answer Helpful or Accept Solution. This may help other community users to follow the correct solution in future.

Thank You
AJ - TechTrek with AJ
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
ServiceNow Community MVP 2025
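
The policy, account-state and replication checks from steps 1, 5 and 6 above can be run from an admin workstation. This is an added example, not part of the original thread or of ServiceNow's action; it assumes the RSAT ActiveDirectory module and read access to the domain, and `jdoe` is a placeholder account name.

```powershell
# Added example: confirm that a flow-driven password reset actually landed in AD.
# Assumptions: ActiveDirectory module (RSAT) is installed; 'jdoe' is a placeholder.
param(
    [string]$SamAccountName = 'jdoe'
)
Import-Module ActiveDirectory

# Step 1: the default domain policy the new password has to satisfy.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object ComplexityEnabled, MinPasswordLength, PasswordHistoryCount, MinPasswordAge

# A fine-grained policy, when one applies to this user, overrides the default.
# Returns nothing if no such policy is assigned.
Get-ADUserResultantPasswordPolicy -Identity $SamAccountName

# Steps 5 and 6: read account state and PasswordLastSet from every domain controller.
$props = 'Enabled', 'LockedOut', 'AccountExpirationDate', 'PasswordExpired', 'PasswordLastSet'
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $row = [ordered]@{
        DC = $dc.HostName; Enabled = $null; LockedOut = $null; Expires = $null
        PasswordExpired = $null; PasswordLastSet = $null; Error = $null
    }
    try {
        $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName -Properties $props
        $row.Enabled         = $u.Enabled
        $row.LockedOut       = $u.LockedOut
        $row.Expires         = $u.AccountExpirationDate
        $row.PasswordExpired = $u.PasswordExpired
        $row.PasswordLastSet = $u.PasswordLastSet
    } catch {
        # An unreachable DC is reported, not silently skipped.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}
$report | Format-Table -AutoSize

# DCs whose PasswordLastSet is older than the newest value have not yet
# received the reset (replication delay), or the reset never happened there.
$newest = $report.PasswordLastSet | Where-Object { $_ } | Sort-Object | Select-Object -Last 1
$stale  = $report | Where-Object { -not $_.Error -and $_.PasswordLastSet -ne $newest }
if ($stale) {
    Write-Warning ("PasswordLastSet differs from {0} on: {1}" -f $newest, ($stale.DC -join ', '))
}
```

If `PasswordLastSet` does not move on any DC after the flow reports success, the reset never reached AD; if it is empty, the account is flagged to change its password at next logon.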