You can reset the user password using the Exchange Control Panel (ECP) also known as Exchange admin center (EAC) in Exchange Server 2013, 2016 and 2019. For Exchange 2010 and below, it is not possible and you have to log in to server and do it.
Let me introduce you to the RBAC!
Microsoft Exchange Server includes a large set of predefined permissions, based on the Role-Based Access Control (RBAC) permissions model, which you can use right away to easily grant permissions to your administrators and users. You can use the permissions features in Exchange Server so that you can get your new organization up and running quickly.
OK, let’s get started!
1. Before you can add the “Reset Password” role, you need to install it. Let’s see if this role is installed by default :
Run Get-ManagementRole "reset password"
The operation couldn't be performed because object 'reset password' couldn't be found on 'Exchange Server FQDN'. + CategoryInfo : NotSpecified: (:) [Get-ManagementRole], = ManagementObjectNotFoundException + FullyQualifiedErrorId : F1EF706,Microsoft.Exchange.Management.RbacTasks.GetManagementRole
Notice by default, this role is not installed. Let's install it now.
2. Launch Exchange Management shell.
Type Add-pssnapin microsoft* and hit enter.
Type Install-CannedRbacRoles and hit enter.
Type Install-CannedRbacRoleAssignments and hit enter.
Close and relaunch EMS.
3. Verify if the changes took effect.
Run Get-ManagementRole “reset password”
If you performed step 2 correctly, you should see the new role as shown above
4. Now, we will add the reset password role to the Help Desk group.
New-ManagementRoleAssignment -SecurityGroup “Help Desk” -Role “Reset Password”
You can also do this using the ECP as well.
5. Next, open the EAC. For example: https://yourcompany.com/ecp
6. Click on Recipients, select a user and click Edit and on General tab, check Reset the password for this mailbox to change the password.
Note: The user you are using to log in to the EAC must be a member of the Help Desk group or whichever group you assign the Reset Password role. You can perform this using the AD Users and Computers Console.7. You are done!