3.3.4.1.8.7 Authorization Error

If the client sends a request where the principal contained in the ChangePasswordRequest/AccountDN element does not have the "User-Change-Password" control access right on itself (as described in [MS-ADTS] section 3.1.1.3.1.5), the server MUST return a SOAP fault with a ChangePasswordFault fault subcode. The fault detail SHOULD be as specified in the following table.

Field

Value

[Code]

soapenv:Receiver

[Subcode]

ChangePasswordFault

[Action]

http://schemas.microsoft.com/2008/1/ActiveDirectory/Data/fault

[Reason]

Active Directory returned an error processing the operation.

[Detail]

 <soapenv:Detail>
     <ChangePasswordFault
       xmlns="http://schemas.microsoft.com/2008/1/ActiveDirectory/CustomActions"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <ArgumentError xsi:nil="true"></ArgumentError>
       <DirectoryError>
         <ErrorCode>19</ErrorCode>
         <ExtendedErrorMessage>...</ExtendedErrorMessage>
         <MatchedDN>...</MatchedDN>
         <Message>...</Message>
         <Referral xmlns:sera="http://schemas.microsoft.com/2003/10/Serialization/Arrays">...</Referral>
         <ShortMessage>...</ShortMessage>
         <Win32ErrorCode>8239</Win32ErrorCode>
       </DirectoryError>
       <Error xsi:nil="true"></Error>
       <ShortError xsi:nil="true"></ShortError>
     </ChangePasswordFault>
 </soapenv:Detail>