Users with the system permission Manage users and user groups (0) can request a new password for another users. This will reset the user's password to a new randomly generated password. The new password will then be sent to the e-mail address stored with the user account. A password can therefore only be reset if an email address is specified for the user.

The user who is requesting the password reset cannot set a specific password, and the random password that the system chooses is never shown to the user who is requesting the reset. Therefore the only one who knows the password is the user himself.

A user cannot request a reset of his own password. See changing password for information on how to change your own password.

The new password assigned to a user when a password reset is requested will conform to the set password quality rules. The newly generated password will have a minimum length of 8, regardless of the global setting for Password quality: Minimum length.

The Application Server will set the new password as expired, thus forcing the user to change his password on the next login.