Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
3.4.5.2.6 Calling NetrServerPasswordSet

3.4.5.2.6 Calling NetrServerPasswordSet

The client MUST do the following:

  • Have a secure channel established with a DC in the domain identified by domain-name, and pass its name as the PrimaryName parameter.

  • Pass the encrypted new password:

    1. Compute the NTOWFv1 ([MS-NLMP] section 3.3.1) of the new password.

    2. Encrypt ([MS-SAMR] section 2.2.11.1.1) the result of step 1 using the Session-Key for the secure channel as the specified key.

    3. Pass the result of step 2 as the UasNewPassword parameter.

  • Pass a valid client Netlogon authenticator as the Authenticator parameter.

After the method returns, the client MUST verify the ReturnAuthenticator as described in section 3.1.4.5.

On receiving STATUS_ACCESS_DENIED, the client SHOULD<119> re-establish the secure channel with the domain controller.

Show:
© 2015 Microsoft