# Resetting and enabling an Amazon Managed Microsoft AD user's password Use the following procedure to reset an Amazon Managed Microsoft AD user's password to enable their account with user and group management or Amazon Directory Service Data in either the Amazon Web Services Management Console, Amazon CLI, Amazon Tools for PowerShell. **Before you begin either procedure, you need to complete the following:** + [Creating your Amazon Managed Microsoft AD](ms_ad_getting_started.md#ms_ad_getting_started_create_directory). + To use user and group management or Amazon Directory Service Data CLI, it must be enabled. For more information, see [Enable user and group management or Directory Service Data](ms_ad_users_groups_mgmt_enable_disable.md). + You can only enable this feature from the Primary Amazon Web Services Region for your directory. For more information, see [Primary vs additional Regions](https://docs.amazonaws.cn/directoryservice/latest/admin-guide/multi-region-global-primary-additional.html). + You'll need the necessary IAM permissions to use Amazon Directory Service Data. For more information, see [Amazon Directory Service API permissions: Actions, resources, and conditions reference](UsingWithDS_IAM_ResourcePermissions.md). To get started granting permissions to your users and workloads, you can use Amazon managed policies like [Amazon managed policy: AWSDirectoryServiceDataFullAccess](security-iam-awsmanpol.md#security-iam-awsmanpol-AWSDirectoryServiceDataFullAccess) or [Amazon managed policy: AWSDirectoryServiceDataReadOnlyAccess](security-iam-awsmanpol.md#security-iam-awsmanpol-AWSDirectoryServiceDataReadOnlyAccess). For more information, see [Security best practices in IAM](https://docs.amazonaws.cn//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies). + [Creating an Amazon Managed Microsoft AD user](ms_ad_create_user.md). ------ #### [ Amazon Web Services Management Console ] You can reset an Amazon Managed Microsoft AD user's password to enable their account in the Amazon Web Services Management Console. You can perform this task from either the **Directories** screen or **Directory details** screen. **Directories** 1. Open the Amazon Directory Service console at [https://console.amazonaws.cn/directoryservicev2/](https://console.amazonaws.cn/directoryservicev2/). 1. From the navigation pane, choose **Active Directory**, and then choose **Directories**. You're directed to the **Directories** screen where you can view a list of directories in your Amazon Web Services Region. 1. Choose **Actions**, and then choose **Reset user password and enable account**. 1. Under **User logon name**, enter the user logon name for the user whose password you want to reset. 1. Under **New password**, enter the user's new password. 1. Under **Confirm password**, enter user's new password again. 1. After you confirm the user's new password, choose **Reset password and enable account**. **Directory details** 1. Open the Amazon Directory Service console at [https://console.amazonaws.cn/directoryservicev2/](https://console.amazonaws.cn/directoryservicev2/). 1. From the navigation pane, choose **Active Directory**, and then choose **Directories**. You're directed to the **Directories** screen where you can view a list of directories in your Amazon Web Services Region. 1. Choose a directory. You're directed to the **Directory details** screen. 1. Choose **Users**. The tab shows a list of users in your directory. 1. Select the user whose password you want to reset. 1. Choose **Actions**, and then choose **Reset user password and enable account**. 1. Under **New password**, enter the user's new password. 1. Under **Confirm password**, enter user's new password again. 1. After you confirm the user's new password, choose **Reset password and enable account**. ------ #### [ Amazon CLI ] You can reset an Amazon Managed Microsoft AD use's password to enable their account with the Amazon Directory Service Data CLI. **Note** The reset user's password command uses `aws ds`. **To reset an Amazon Managed Microsoft AD user's password with the Amazon CLI** + To reset a user's password, open the Amazon CLI, and run the following command, replacing the Directory ID, username, and password with your Amazon Managed Microsoft AD Directory ID, username, and desired credentials: ``` aws ds reset-user-password --directory-id d-1234567890 --user-name "jane.doe" --new-password "your-password" ``` ------ #### [ Amazon Tools for PowerShell ] You can reset an Amazon Managed Microsoft AD use's password to enable their account with Amazon Tools for PowerShell. **To reset an Amazon Managed Microsoft AD user's password with Amazon Tools for PowerShell** + To reset a user's password, open the PowerShell, and run the following command, replacing the Directory ID, username, and password with your Amazon Managed Microsoft AD Directory ID, username, and desired credentials: ``` Reset-DSUserPassword -DirectoryId d-1234567890 -UserName "jane.doe" -NewPassword "your-password" ``` ------