Active Directory – Change User’s Password – Erroring



This is a difficult post as it does not demonstrate a remedying process.

It merely demonstrates a stumbling block, we ran into as we tried to change an Active Directory Service Account’s password.

BTW, a couple of choices for changing an AD’s Account password are documented here.


Changing AD User Password : Attempting


Active Directory Users & Managers

Reset Password



Reset Password – Access is Denied





Tried to change password using dsmod

Batch File

@echo off

Rem Change a domain account’s password from the command line	

set "_SAMAccountName=SQLSvc"
set "_ADPassword=antelopeWASBEFOREME#"

echo ADUser
dsquery user -samid %_SAMAccountName%

dsquery user -samid %_SAMAccountName%  | dsmod user  -mustchpwd no -pwd %_ADPassword%



dsmod failed:CN=MSSQLsql,OU=ServiceAccounts,OU=LAB,DC=AD:Access is denied.:Set password failed
type dsmod /? for help.
ERRORLEVEL is -2147467259




Active Directory Users And Computers

User’s Properties

Per-using Active Directory Users and Computer, here is the AD Account’s setting:




  1. User must change password at next logon
    • Set
      • Good
  2. User cannot change change password
    • Not Set
      • Good
  3. Password never expires
    • Set
      • Good


From a simple User Property review, nothing should stop this Service Account from changing its own password.

In a follow-up post, will review whether restrictions have been set at the Organization (ou) level.


Microsoft – SQL Server – v 2008-R2 – Service Pack 1 (SP1) – Upgrade fails “silently”

Microsoft – SQL Server – v 2008-R2 – Service Pack 1 (SP1) – Upgrade fails Silently

Trying to install “Microsoft SQL Server – v2008/R2” Service Pack 1 (SP1) fails.

Yes, upgrade are apt to fail sometimes, but this time, it is failing miserably.

What do I mean miserable; well:

  • Upon extraction of the compressed exe update file, the application simply shuts down.
  • No error messages
  • Nothing useful in the Event Log
  • Tweak “Local Policy” to enable logging of failures
  • Tried SysInternal’s “ProcessMonitor”

Nothing.  It is pulling the Great Houdini.  What to do, when things go bye bye, without a word.

Well Google of course.  But for what; what is my foe.  Every story needs a foe…

So brought the old notepad editor and created a little command file:

echo ErrorLevel is %errorlevel%

Subconsciously, I know that if I am able to capture the error number, I will be able to get a bit of help from the “Oracle” of “Problem and Resolution Engine”, Google.

So run the command file and was able to get our Error Number:


Having en error number meant that in time we might get somewhere. Flirted with calling MS Support.

Went to Sleep over it. Hoping that a good night sleep and a rested mind will do a bit of good.

Googled for “2147467259 sql server setup.exe”

And, the most helpful link led to

1) SQL Server Express 2008 Setup Error : Exit code -2147467259.

Found a couple of correlated messages in the “Event Viewer”.

1) .Net Runtime version 2.0.50727.5420 – Error ‘Invalid syntax on line 166.’ occurred while parsing the ‘Machine’ policy level. The default policy level was used instead.

The fix prescribed in the article is to launch a “command shell” and issue:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe -machine -reset

Did, but no help

Hours later, went back and found another link:

1) SQL Server 2008 Service Pack 2 fails to install

In an helpful exchange between Deepesh_MSNDN & Costanza, they spoke about target the 64-bit .Net Environment

cd c:\Windows\Microsoft.NET\Framework64\v2.0.50727
caspol.exe -machine -reset

As the machine is 64-bit, targeting 64-bit was most useful.

Couple of places to check per failed install\upgrade:

  • /%program files%/microsoft sql server/100/setup bootstrap/log
  • %userprofile%\appdata\local\temp\SqlSetup.log