diff --git a/changelog.d/6730.bugfix b/changelog.d/6730.bugfix
new file mode 100644
index 0000000000000000000000000000000000000000..beb444ca66adcfe85aee22ffbefe390ca07a1772
--- /dev/null
+++ b/changelog.d/6730.bugfix
@@ -0,0 +1 @@
+Fix changing password via user admin API.
diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
index 574cb90c74ff758d5db3f04270e6567de5892c94..c178c960c5c0226fe3dcedb4c62a042f58a0bb99 100644
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@@ -193,8 +193,8 @@ class UserRestServletV2(RestServlet):
                     raise SynapseError(400, "Invalid password")
                 else:
                     new_password = body["password"]
-                    await self._set_password_handler.set_password(
-                        target_user, new_password, requester
+                    await self.set_password_handler.set_password(
+                        target_user.to_string(), new_password, requester
                     )
 
             if "deactivated" in body:
diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py
index 7352d609e6c10c0a7e59494b957f6329d163355a..8f09f51c61abe997d00fb4cd12afcb862e5c5f58 100644
--- a/tests/rest/admin/test_user.py
+++ b/tests/rest/admin/test_user.py
@@ -435,6 +435,19 @@ class UserRestTestCase(unittest.HomeserverTestCase):
         self.assertEqual(0, channel.json_body["is_guest"])
         self.assertEqual(0, channel.json_body["deactivated"])
 
+        # Change password
+        body = json.dumps({"password": "hahaha"})
+
+        request, channel = self.make_request(
+            "PUT",
+            self.url,
+            access_token=self.admin_user_tok,
+            content=body.encode(encoding="utf_8"),
+        )
+        self.render(request)
+
+        self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
+
         # Modify user
         body = json.dumps({"displayname": "foobar", "deactivated": True})