CSullivan55
Aug 02, 2024, Copper Contributor
Unable to change expired password
I am using Server Next Preview Build 26257. It is a domain controller. I only have the one AD account which I created to do the evaluation. The account password expired today. When I attempt to chang...
- Aug 11, 2024
Curiosity: Are you talking about the BUILTIN\Administrator, i.e. the S-1-5-21-DOMAINSID-500, or another account you created after that?
Matt K
Aug 14, 2024, Copper Contributor
I just ran into this issue as well. DCs are Server 2025 build 26100.1150, with Server 2025 forest functional level.
- Unable to change domain admin user's expired password (manually created account, not SID-500).
- Attempting to change PW from a remote machine using Ctrl+Alt+Del / Change PW gives "password has expired" error message, password is not changed (from Windows 10 as well as from Windows 11 machines).
- Logon attempt at DC's console yields the "password is expired and must be changed" prompt, followed by "password has expired" error without the password getting changed. Event ID 4625 gets logged.
Definitely a server-side DC issue, and anyone unlucky enough not to have another admin account at hand to reset the password is gonna have a bad time.
Joachim_Otahal
Aug 14, 2024, Iron Contributor
Did you try username@domain.local or DOMAIN\SamAccountName in your "CTRL+ALT+DEL -> change PW" method? The latter often does not work, for example if the account is a member of "Protected users" with "Admincount 1".
- Matt K, Aug 14, 2024, Copper Contributor
I did use the DOMAIN\SamAccountName format (both on a remote machine as well as on the DC's local console). However, I've done it this way before upgrading the domain to 2025 as well, and don't recall running into issues doing it this way (the account is not part of "Protected users").
- CSullivan55, Aug 14, 2024, Copper Contributor
Thanks Matt K for confirming the bug.
Just for fun I reset the account's PW again, leaving the option to require changing it at logon. I logged on using the format username@domain.local and got the same bad result. Once I removed the requirement to change the PW at logon, I could log on using that format with the new PW.
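
The situation described in this thread, an expired admin password with no second admin account available to reset it, can be checked for before the expiry date arrives. The PowerShell below is an added example, not part of the thread: it classifies accounts by the AD attribute `msDS-UserPasswordExpiryTimeComputed`; the account names, the 14-day window and the two-account threshold are assumptions.

```powershell
# Added example (not from the thread). Sample accounts and names are constructed.
function Get-PasswordExpiryRisk {
    param(
        [Parameter(ValueFromPipeline)] $Account,
        [int] $WarnDays = 14,                 # assumed warning window
        [datetime] $Now = (Get-Date)
    )
    process {
        $nowUtc  = $Now.ToUniversalTime()
        $raw     = [int64]$Account.'msDS-UserPasswordExpiryTimeComputed'
        $expires = $null
        if ($raw -eq [int64]::MaxValue) {
            $state = 'NeverExpires'           # no expiry applies to this account
        } elseif ($raw -eq 0) {
            $state = 'MustChangeAtLogon'      # pwdLastSet = 0
        } else {
            $expires = [datetime]::FromFileTimeUtc($raw)
            $state = if ($expires -le $nowUtc) { 'Expired' }
                     elseif ($expires -le $nowUtc.AddDays($WarnDays)) { 'ExpiringSoon' }
                     else { 'OK' }
        }
        [pscustomobject]@{
            SamAccountName = $Account.SamAccountName
            Enabled        = $Account.Enabled
            State          = $state
            ExpiresUtc     = $expires
        }
    }
}

# Constructed sample standing in for Get-ADUser output.
$now = [datetime]::new(2024, 8, 14, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'adm-eval';   Enabled = $true;  'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(-12).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'adm-backup'; Enabled = $true;  'msDS-UserPasswordExpiryTimeComputed' = $now.AddDays(5).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'adm-old';    Enabled = $false; 'msDS-UserPasswordExpiryTimeComputed' = [int64]::MaxValue }
)
$report = $sample | Get-PasswordExpiryRisk -Now $now
$report | Format-Table -AutoSize

# Warn when fewer than two enabled admin accounts can still log on without a forced change.
$usable = @($report | Where-Object { $_.Enabled -and $_.State -in 'OK', 'ExpiringSoon', 'NeverExpires' })
if ($usable.Count -lt 2) {
    Write-Warning "Only $($usable.Count) admin account(s) can log on without a password change."
}
```

Against a live domain, replace the sample with `Get-ADGroupMember 'Domain Admins' -Recursive | Where-Object objectClass -eq 'user' | Get-ADUser -Properties 'msDS-UserPasswordExpiryTimeComputed'` and pipe that into `Get-PasswordExpiryRisk`.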