Hi,
What's the error message when you tried to change the password?
Based on my test, user password can be performed on other DCs in the domain even can't connect to the PDC.
So, you may try to confirm the ports used to change the password on the clients and DCs in the DMZ.
Following information about the ports for your reference:
https://techgenix.com/domain-controllers-required-ports/
This response contains a third-party link. We provide this link for easy reference. Microsoft cannot guarantee the validity of any information and content in this link.
Best Regards,