This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Dear Experts,
we created AD users from on premises, sync them to the cloud then enabled SSPR and password writeback, MFA. Here is the scenario when using Powershell script:
User logs in with expired password (or recently changed temporary password) and is notified they have to change the password. On the next screen, the user is prompted to enter their old password, new password, and confirm password. User completes, but gets an error message ("Try again - that's not your current password."). Specifically, error code is 120000. No matter what the user does, the password does not work.
If I used AAD portal, find the user, click RESET Password, this works just expected. And here is my script:
# Connect to Azure AD
Connect-AzureAD
# Path to the CSV file
$csvPath = "C:\test.csv"
# Read the CSV file
$users = Import-Csv -Path $csvPath
# Iterate through each user in the CSV
foreach ($user in $users) {
# Retrieve the user's email address and password from the CSV columns
$email = $user.EmailAddress
$newPassword = $user.NewPassword
# Get the user's ObjectId by mapping their email address
$userObj = Get-AzureADUser -Filter "userPrincipalName eq '$email'"
$objectId = $userObj.ObjectId
if ($objectId) {
# Reset the user's password in Azure AD
Set-AzureADUserPassword -ObjectId $objectId -Password (ConvertTo-SecureString -String $newPassword -AsPlainText -Force) -ForceChangePasswordNextLogin $True
# Display the email and new password
Write-Output "Password reset for user: $email"
Write-Output "New password: $newPassword"
} else {
Write-Output "User with email address $email not found in Azure AD."
}
}
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello,
It seems that you are experiencing an issue with password reset when using a PowerShell script. The error message you mentioned ("Try again - that's not your current password.") indicates that there is an issue with the user's current password validation during the password reset process.
To troubleshoot this issue, here are a few suggestions:
Verify the user's current password: Double-check that the user's current password is correctly provided in the script. Ensure that the password is captured and passed accurately to the Set-AzureADUserPassword cmdlet. If there are any leading or trailing spaces, they can cause password validation failures.
Validate the script's execution environment: Ensure that the PowerShell script is running on a system with the necessary prerequisites and compatible modules. Make sure you have the latest version of AzureAD PowerShell module installed. You can check this by running the Get-InstalledModule cmdlet to see if the AzureAD module is present and up to date.
Test password reset with a single user: To isolate the issue, try running the script for a single user manually and observe the output. This can help identify if the issue is specific to a particular user or a general problem with the script.
Check Azure AD Password Policies: Review the Azure AD password policies, such as password complexity requirements, password history, or any other custom policies you may have configured. Ensure that the new password being set meets these requirements to avoid any validation failures.
Monitor Azure AD logs: Monitor the Azure AD logs for any relevant error messages or additional details that can shed light on the cause of the issue. The logs may provide more specific information about the validation failure or any other related errors.
If the issue persists, consider reaching out to Microsoft Azure Support for further assistance. They can provide more in-depth troubleshooting and help diagnose the problem based on your specific environment and configuration.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer–
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 67%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJZ%3C/text%3E%3C/svg%3E)
I have a similar problem, although I am using Power Automate and Microsoft Graph to accomplish the same thing: Resetting users' passwords and setting ForceChangePasswordNextLogin to true.
After this is done, my users can sign in using the new password. BUT when they are prompted to change their password, they get "Try again, that's not your current password."
The only way to get past this point is to enter the OLD (before the reset) password as the "Current password," only then can the user set a new password.
It appears that both the PowerShell command and the Graph API are failing to populate the new password into wherever the Change Password experience looks up the "Current Password."
sorry my friend, if chatgpt could solve my problem I wouldn't have asked here:(
Dear @Anonymous
Thanks a lot for your sharing, I didn't expect the old password could be the "Current password". In my scenario, I used this kind of script for new account creation, so my old passwords were created in on-prem AD, I'm not sure if that could be the "current password" but I will definitely try it tomorrow then update this post.
Thanks again.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Hi @Eaven HUANG , Just checking to see if you were able to test this?
Hi @Eaven HUANG , were you able to resolve your issue?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 50%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKB%3C/text%3E%3C/svg%3E)
if changing on AD prem wait 15 minutes and try again
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 95%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWS%3C/text%3E%3C/svg%3E)
Was this resolved? I have the same problem
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 86%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
This happened where I work, too.
Although we weren't changing passwords using PowerShell, we found that when we change a user's password in Microsoft 365 Admin Center, the user gets the error "Try again--that's not your current password and Error Code: 120000" but if we change it using Microsoft Azure or Microsoft Entra Admin Center, it works just fine every time. We have tested this many times since this issue occurred.
I hope this helps someone out there who has also experienced the wrath of (understandably) frustrated users who encounter this error.
This happened where I work, too.
Although we weren't changing passwords using PowerShell, we found that when we change a user's password in Microsoft 365 Admin Center, the user gets the error "Try again--that's not your current password and Error Code: 120000" but if we change it using Microsoft Azure or Microsoft Entra Admin Center, it works just fine every time. We have tested this many times since this issue occurred.
I hope this helps someone out there who has also experienced the wrath of (understandably) frustrated users who encounter this error.