Active Directory – Change User’s Password – Erroring

 

Preface

This is a difficult post as it does not demonstrate a remedying process.

It merely demonstrates a stumbling block, we ran into as we tried to change an Active Directory Service Account’s password.

BTW, a couple of choices for changing an AD’s Account password are documented here.

 

Changing AD User Password : Attempting

UI

Active Directory Users & Managers

Reset Password

resetpassword

 

Reset Password – Access is Denied

accessisdenied

 

Console

dsmod

Tried to change password using dsmod

Batch File


@echo off

Rem Change a domain account’s password from the command line	
Rem https://itnsomnia.wordpress.com/2008/04/08/change-a-domain-accounts-password-from-the-command-line/

set "_SAMAccountName=SQLSvc"
set "_ADPassword=antelopeWASBEFOREME#"

echo ADUser
dsquery user -samid %_SAMAccountName%

dsquery user -samid %_SAMAccountName%  | dsmod user  -mustchpwd no -pwd %_ADPassword%

Echo ERRORLEVEL is %ERRORLEVEL%



Output


ADUser
"CN=MSSQLsql,OU=ServiceAccounts,OU=LAB,DC=AD"
dsmod failed:CN=MSSQLsql,OU=ServiceAccounts,OU=LAB,DC=AD:Access is denied.:Set password failed
type dsmod /? for help.
ERRORLEVEL is -2147467259
>

 

 

Diagnostic

Active Directory Users And Computers

User’s Properties

Per-using Active Directory Users and Computer, here is the AD Account’s setting:

accountproperties-account

 

Explanation

  1. User must change password at next logon
    • Set
      • Good
  2. User cannot change change password
    • Not Set
      • Good
  3. Password never expires
    • Set
      • Good

Conclusion

From a simple User Property review, nothing should stop this Service Account from changing its own password.

In a follow-up post, will review whether restrictions have been set at the Organization (ou) level.

 

Microsoft – SQL Server – v 2008-R2 – Service Pack 1 (SP1) – Upgrade fails “silently”

Microsoft – SQL Server – v 2008-R2 – Service Pack 1 (SP1) – Upgrade fails Silently

Trying to install “Microsoft SQL Server – v2008/R2” Service Pack 1 (SP1) fails.

Yes, upgrade are apt to fail sometimes, but this time, it is failing miserably.

What do I mean miserable; well:

  • Upon extraction of the compressed exe update file, the application simply shuts down.
  • No error messages
  • Nothing useful in the Event Log
  • Tweak “Local Policy” to enable logging of failures
  • Tried SysInternal’s “ProcessMonitor”

Nothing.  It is pulling the Great Houdini.  What to do, when things go bye bye, without a word.

Well Google of course.  But for what; what is my foe.  Every story needs a foe…

So brought the old notepad editor and created a little command file:


SQLServer2008R2SP1-KB2528583-x64-ENU.exe
echo ErrorLevel is %errorlevel%

Subconsciously, I know that if I am able to capture the error number, I will be able to get a bit of help from the “Oracle” of “Problem and Resolution Engine”, Google.

So run the command file and was able to get our Error Number:

-2147467259

Having en error number meant that in time we might get somewhere. Flirted with calling MS Support.

Went to Sleep over it. Hoping that a good night sleep and a rested mind will do a bit of good.

Googled for “2147467259 sql server setup.exe”

And, the most helpful link led to

1) SQL Server Express 2008 Setup Error : Exit code -2147467259.
http://social.msdn.microsoft.com/forums/en-US/sqlsetupandupgrade/thread/457b4874-3e8d-421a-a6e5-19dc947eb76c/

Found a couple of correlated messages in the “Event Viewer”.

1) .Net Runtime version 2.0.50727.5420 – Error ‘Invalid syntax on line 166.’ occurred while parsing the ‘Machine’ policy level. The default policy level was used instead.

The fix prescribed in the article is to launch a “command shell” and issue:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe -machine -reset

Did, but no help

Hours later, went back and found another link:

1) SQL Server 2008 Service Pack 2 fails to install
http://social.msdn.microsoft.com/Forums/en-US/sqlsetupandupgrade/thread/732b0d4d-1422-4631-b738-fcdf22492200/

In an helpful exchange between Deepesh_MSNDN & Costanza, they spoke about target the 64-bit .Net Environment


cd c:\Windows\Microsoft.NET\Framework64\v2.0.50727
caspol.exe -machine -reset

As the machine is 64-bit, targeting 64-bit was most useful.

Couple of places to check per failed install\upgrade:

  • /%program files%/microsoft sql server/100/setup bootstrap/log
  • %userprofile%\appdata\local\temp\SqlSetup.log

References: