Return
-
Title
Password Reset not working for other domains -
Description
The Password Reset service is working correctly for User Account in the same domain as the Password Reset server but fails to reset the passwords in other domains
-
Cause
Assuming that the correct trusts are in place, the password reset service has the ability to allow users to change their passwords, even if they are from other domains. However, the correct permissions need to be in place.
By default, the service runs as "Local System" This means it uses the corresponding AD Computer account for any tasks in AD so this account needs permissions.
-
Resolution
Workaround
1. Grant the Computer Account the following permissions over the other domains:
List Contents, Read all properties, Read permissions, change password