Is it possible to change a domain account password remotely on a domain-joined server which is not a DC?


I have a domain with 2 Windows servers; one is the DC (domain controller).

I want to change a domain account password automatically, with the WinRM remote command NET USER my_account new_pwd /domain on the non-DC (not the domain controller) server.

I've tried to:

  • Log in to the DC with WinRM, and remotely execute the command. It works.

  • Log in to the non-DC server with WinRM, and remotely execute the command. Got "System error 5 has occurred. Access is denied".

    By the way, a similar command without the /domain argument, NET USER my_local_account new_pwd, runs successfully and changes my local account password.

  • Log in to the non-DC server directly with RDP, and locally execute the command. Works.

    I think it proves that changing the domain password from the non-DC server is allowed, but changing it remotely is restricted.

Is it possible to avoid the "system error 5" and change the domain password remotely on a non-DC server?
