I have a domain with 2 Windows servers; one is the DC (domain controller).
I want to change a domain account password automatically, with the WinRM remote command NET USER my_account new_pwd /domain
on the non-DC (not the domain controller) server.
I've tried to:
1. Log in to the DC with WinRM, and remotely execute the command. It works.
2. Log in to the non-DC server with WinRM, and remotely execute the command. Got "System error 5 has occurred. Access is denied".
   By the way, a similar command without the /domain argument, NET USER my_local_account new_pwd, runs successfully and changes my local account password.
3. Log in to the non-DC server directly with RDP, and locally execute the command. Works.
I think it proves that changing domain password from the non-DC server is allowed, but changing remotely is restricted.
Is it possible to avoid the "system error 5" and change the domain password remotely on a non-DC server?