Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The client MUST do the following:
Have a secure channel established with a DC in the ___domain identified by ___domain-name and pass its name as the PrimaryName parameter.
Pass the encrypted new password:
Compute the NTOWFv1 ([MS-NLMP] section 3.3.1) of the new password.
Encrypt ([MS-SAMR] section 2.2.11.1.1) the result of step 1 using the Session-Key for the secure channel as the specified key.
Pass the result of step 2 as the UasNewPassword parameter.
Pass a valid client Netlogon authenticator as the Authenticator parameter.
After the method returns, the client MUST verify the ReturnAuthenticator, as defined in section 3.1.4.5.
On receiving STATUS_ACCESS_DENIED, the client SHOULD<103> re-establish the secure channel with the ___domain controller.