AP-4545 asked

Changing Password from Member Server

I have a member server that has users & web admins; it is joined to the domain controller. We would like to allow users to change their own domain passwords from the member server. They would do this via Ctrl+Alt+Del > Change Password, entering their old password & a new one. However, here is the issue: once they enter a new password, they get "Access is Denied".

I checked the advanced settings for each user & the Change & Reset Password boxes are enabled. I also ensured that the accounts do not have the check box for "User cannot change password" selected.

Any suggestions?

Tags: windows-server, windows-active-directory, windows-server-management

ManuPhilip answered

In Advanced Features in Active Directory Users and Computers, make sure 'SELF' has the change password permission, as shown below:
163801-image.png

I’ve attempted this, no luck

After setting this, wait for some time for replication to finish and try again

I gave it a full 24 hours, still no luck
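
The permission check from the answer above can also be read from PowerShell instead of the GUI. This is an added example, not part of the original thread: it lists the ACEs on one user object that cover the Change Password extended right and flags a missing Allow for SELF or any Deny (Deny ACEs for SELF and Everyone are what the "User cannot change password" check box writes). It assumes the RSAT ActiveDirectory module is installed; `jdoe` and the function name `Get-ChangePasswordAce` are placeholders.

```powershell
# Added example: list the ACEs that govern "Change Password" on one user object.
# Assumes the RSAT ActiveDirectory module; 'jdoe' is a placeholder account name.
Import-Module ActiveDirectory

# rightsGuid of the User-Change-Password extended right
$ChangePasswordGuid = [guid]'ab721a53-1e2f-11d0-9819-00aa0040529b'
$SelfSid            = 'S-1-5-10'   # well-known SID of NT AUTHORITY\SELF

function Get-ChangePasswordAce {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName
    $acl  = Get-Acl -Path ("AD:\" + $user.DistinguishedName)
    $extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

    $acl.Access |
        Where-Object {
            # Keep ACEs for this specific right, or for all extended rights (empty GUID)
            ($_.ActiveDirectoryRights -band $extendedRight) -and
            ($_.ObjectType -eq $ChangePasswordGuid -or $_.ObjectType -eq [guid]::Empty)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Identity  = $_.IdentityReference.Value
                Sid       = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
                Type      = $_.AccessControlType      # Allow or Deny
                Inherited = $_.IsInherited
                AllRights = ($_.ObjectType -eq [guid]::Empty)
            }
        }
}

$aces = @(Get-ChangePasswordAce -SamAccountName 'jdoe')
$aces | Format-Table -AutoSize

# A Deny ACE overrides an Allow, so report both conditions.
$selfAllow = $aces | Where-Object { $_.Sid -eq $SelfSid -and $_.Type -eq 'Allow' }
$denies    = $aces | Where-Object { $_.Type -eq 'Deny' }
if (-not $selfAllow) { Write-Warning 'No Allow ACE grants SELF the Change Password right.' }
if ($denies)         { Write-Warning ('Deny ACE(s) present for: ' + ($denies.Identity -join ', ')) }
```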

LimitlessTechnology-2700 answered

Hi there,

Check your Disable machine account password changes policy setting.

The Domain member: Disable machine account password changes policy setting determines whether a domain member periodically changes its machine account password. Setting its value to Enabled prevents the domain member from changing the machine account password.

Domain member: Disable machine account password changes
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/domain-member-disable-machine-account-password-changes



--If the reply is helpful, please Upvote and Accept it as an answer--

I’m trying to change “user” passwords, not machine passwords

Additionally, this setting was already set to Disabled