Domain Controller password expiration


Anyone faced an expired domain controller password on Azure (simple AD inside vnet - not AADS)?  Not able to change password via RDP.  Note: AD Administrator password; not local admin.

5 Replies
Burning a partner support ticket with this. After two hours the tech is elevating. May know Monday if it is possible or not.

Did you get this resolved?  I have the exact same issue on a couple of test AD VMs in Azure. 

this link shows a possibility https://mssec.wordpress.com/2015/12/26/forced-password-change-at-next-logon-and-rdp/

if not you will have to use another Server and nest a domain joined server to it.

If the agent is working, which I assume it is because of the error, then you can use the custom script extension to just create a new user.

net user soverflow Testing123 /add /domain
net localgroup administrators soverflow /add

And you should be able to RDP with new user 'soverflow'.

Hope this helps.
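
An added example, not part of the reply above: a PowerShell variant of the same two steps for use as the custom script extension script, taking the password as a parameter instead of hardcoding it and giving the account an expiry. The account name, the 24-hour lifetime and the parameter names are assumptions, and it relies on the ActiveDirectory module being present on the domain controller.

```powershell
# Added example (not from the thread). Run on the domain controller, for
# instance as the custom script extension script. Names are assumptions.
[CmdletBinding()]
param(
    [Parameter(Mandatory)][string]$Password,    # supplied at run time, never stored in the script
    [string]$SamAccountName = 'dc-recovery',     # hypothetical account name
    [int]$LifetimeHours = 24                     # assumed lifetime of the account
)

$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory

# Refuse to touch an account that already exists under this name
if (Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'") {
    throw "Account '$SamAccountName' already exists; refusing to modify it."
}

$secure  = ConvertTo-SecureString -String $Password -AsPlainText -Force
$expires = (Get-Date).AddHours($LifetimeHours)

try {
    # ChangePasswordAtLogon stays off: a forced change at next logon is
    # what blocks the RDP sign-in in the first place
    New-ADUser -Name $SamAccountName -SamAccountName $SamAccountName `
        -AccountPassword $secure -Enabled $true `
        -ChangePasswordAtLogon $false `
        -AccountExpirationDate $expires `
        -Description "Temporary recovery account, created $(Get-Date -Format s)"
}
catch {
    # New-ADUser can leave a disabled account behind when the password is
    # rejected by the domain password policy; clean it up before failing
    Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" |
        Remove-ADUser -Confirm:$false
    throw
}

# On a domain controller 'Administrators' is the domain's built-in group
Add-ADGroupMember -Identity 'Administrators' -Members $SamAccountName

# Report what was created, without echoing the password
Get-ADUser -Identity $SamAccountName -Properties AccountExpirationDate, MemberOf |
    Select-Object SamAccountName, Enabled, AccountExpirationDate, MemberOf |
    Format-List
```

Once the Administrator password has been reset, delete the account with Remove-ADUser rather than waiting for it to expire.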

 

 

@Chris Johnson No, I had to blow away the domain and redo it.