Set-ADAccountPassword Raises Error if DN of Account has "*" Character
The Set-ADAccountPassword cmdlet raises an error if the distinguished name of the account includes the asterisk character, "*". The error is raised even if you identify the user by sAMAccountName (asterisks are not allowed in sAMAccountName values). It does not help to identify the user by distinguished name, even if you escape the "*" character, whether you escape with the backtick "`", the backslash "\", or using the 2 character ASCII hexadecimal equivalent "\2A". The only workaround found is to bind to the account using the [ADSI] accelerator and invoke the SetPassword method.
Assuming the user "cn=Will * Johnson" exists, the following PowerShell script using the AD modules fails:
$Pwd = (ConvertTo-SecureString -AsPlainText "xYz48474w" -Force)
$User = [ADSI]"LDAP://cn=Will * Johnson,ou=Sales,ou=West,dc=MyDomain,dc=com"
$Name = $User.sAMAccountName
Set-ADAccountPassword -Identity $($Name) -NewPassword $Pwd -Reset
Error: Set-ADAccountPassword : The operation failed because of a bad parameter.
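The [ADSI] workaround described above, as an added example that is not part of the original post. The function name Reset-PasswordViaAdsi and its -ChangeAtLogon switch are hypothetical; the distinguished name is the one from the failing script.

```powershell
# Added example; Reset-PasswordViaAdsi is a hypothetical helper name.
function Reset-PasswordViaAdsi {
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        [Parameter(Mandatory)] [securestring] $NewPassword,
        [switch] $ChangeAtLogon
    )

    $path = "LDAP://$DistinguishedName"

    # Fail early if the DN does not resolve, rather than on the first property access.
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
        throw "No object found at $path"
    }

    # Bind with the [ADSI] accelerator; the "*" in the DN is passed through unescaped,
    # exactly as in the binding line of the failing script.
    $user = [ADSI]$path

    # SetPassword takes a plain string, so unwrap the SecureString only for the call.
    $plain = (New-Object System.Net.NetworkCredential('', $NewPassword)).Password
    try {
        $user.SetPassword($plain)
        if ($ChangeAtLogon) {
            # pwdLastSet = 0 forces a password change at the next logon.
            $user.Put('pwdLastSet', 0)
            $user.SetInfo()
        }
    }
    finally {
        # Drop the reference to the plaintext copy as soon as the call returns.
        $plain = $null
    }
}

# Prompt for the password so it is not stored in the script or in command history.
$new = Read-Host -AsSecureString -Prompt 'New password'
Reset-PasswordViaAdsi -DistinguishedName 'cn=Will * Johnson,ou=Sales,ou=West,dc=MyDomain,dc=com' -NewPassword $new
```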
Moving to Active Directory, since this is an AD cmdlet and not a PowerShell-owned cmdlet.