3.1.5.10.3 SamrUnicodeChangePasswordUser2 (Opnum 55)


The SamrUnicodeChangePasswordUser2 method changes a user account's password.

 long SamrUnicodeChangePasswordUser2(
   [in] handle_t BindingHandle,
   [in, unique] PRPC_UNICODE_STRING ServerName,
   [in] PRPC_UNICODE_STRING UserName,
   [in, unique] PSAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldNt,
   [in, unique] PENCRYPTED_NT_OWF_PASSWORD OldNtOwfPasswordEncryptedWithNewNt,
   [in] unsigned char LmPresent,
   [in, unique] PSAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm,
   [in, unique] PENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewNt
 );

BindingHandle: An RPC binding handle parameter as specified in [C706] section 1.

ServerName: A null-terminated string containing the NETBIOS name of the server; this parameter MAY<66> be ignored by the server.

UserName: The name of the user. See the message processing later in this section for details on how this value is used as a database key to locate the account that is the target of this password change operation.

NewPasswordEncryptedWithOldNt: A cleartext password encrypted according to the specification of SAMPR_ENCRYPTED_USER_PASSWORD (section 2.2.6.21), where the key is the NT hash of the existing password for the target user (as presented by the client in the OldNtOwfPasswordEncryptedWithNewNt parameter).

OldNtOwfPasswordEncryptedWithNewNt: The NT hash of the target user's existing password (as presented by the client) encrypted according to the specification of ENCRYPTED_LM_OWF_PASSWORD (section 2.2.7.3), where the key is the NT hash of the cleartext password obtained from decrypting NewPasswordEncryptedWithOldNt.

LmPresent: If this parameter is zero, NewPasswordEncryptedWithOldLm and OldLmOwfPasswordEncryptedWithNewNt MUST be ignored; otherwise these fields MUST be processed.

NewPasswordEncryptedWithOldLm: A cleartext password encrypted according to the specification of SAMPR_ENCRYPTED_USER_PASSWORD, where the key is the LM hash of the existing password for the target user (as presented by the client).

OldLmOwfPasswordEncryptedWithNewNt: The LM hash of the target user's existing password (as presented by the client) encrypted according to the specification of ENCRYPTED_LM_OWF_PASSWORD, where the key is the NT hash of the cleartext password obtained from decrypting NewPasswordEncryptedWithOldNt.

Upon receiving this message, the server MUST process the data from the message subject to the following constraints:

  1. On a DC configuration, if Active Directory is not running, the server MUST abort the request and return an error status.

  2. All database operations MUST occur in a single transaction.

  3. Let U be the user account with the sAMAccountName attribute value of UserName. The server MUST return STATUS_WRONG_PASSWORD if no such account exists.

  4. Let Stored-NT-Hash be the value of the unicodePwd attribute from the database decrypted using the algorithm specified in section 2.2.11.1, using U's RelativeId as the key. If the attribute does not exist, let Stored-NT-Hash be "NULL".

  5. Let Stored-LM-Hash be the value of the dBCSPwd attribute from the database decrypted using the algorithm specified in section 2.2.11.1, using U's RelativeId as the key. If the attribute does not exist, let Stored-LM-Hash be "NULL".

  6. If Stored-NT-Hash is NULL and either LmPresent is zero or Stored-LM-Hash is NULL, the server MUST abort processing and return STATUS_WRONG_PASSWORD.

  7. If Stored-NT-Hash is not NULL, then:

    1. Let Presented-Clear-Text be the cleartext value sent by the client, obtained by decrypting NewPasswordEncryptedWithOldNt according to the specification of SAMPR_ENCRYPTED_USER_PASSWORD, using Stored-NT-Hash as the key, AND

    2. Let Presented-Old-NT-Hash be the value of OldNtOwfPasswordEncryptedWithNewNt decrypted according to the specification of ENCRYPTED_LM_OWF_PASSWORD, using the NT hash of Presented-Clear-Text as the key.

  8. If Stored-NT-Hash is NULL, then:

    1. Let Presented-Clear-Text be the cleartext value sent by the client, obtained by decrypting NewPasswordEncryptedWithOldLm according to the specification of SAMPR_ENCRYPTED_USER_PASSWORD, using Stored-LM-Hash as the key, AND

    2. Let Presented-Old-LM-Hash be the value of OldLmOwfPasswordEncryptedWithNewNt decrypted according to the specification of ENCRYPTED_LM_OWF_PASSWORD, using the NT hash of Presented-Clear-Text as the key.

  9. Exactly one of the two following conditions MUST be true; otherwise, the server MUST satisfy the constraints in section 3.1.5.14.6 and return STATUS_WRONG_PASSWORD.

    1. Stored-NT-Hash is non-NULL and equals Presented-Old-NT-Hash.

    2. Stored-NT-Hash is NULL, and Stored-LM-Hash is non-NULL and equals Presented-Old-LM-Hash.

  10. The server MUST update the clearTextPassword attribute with Presented-Clear-Text.
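
Steps 6 through 8 (choosing the key and recovering Presented-Clear-Text), as an added Python example that is not part of the specification. It assumes the SAMPR_ENCRYPTED_USER_PASSWORD layout of section 2.2.6.21 (a 512-byte buffer with the UTF-16LE password at its end, followed by a 4-byte little-endian length, all RC4-encrypted with the 16-byte hash); the function names and the 16-byte sample hash are constructed for illustration.

```python
import os
import struct

def rc4(key: bytes, data: bytes) -> bytes:
    # Plain RC4; the same call encrypts and decrypts.
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def seal_new_password(new_password: str, old_hash: bytes) -> bytes:
    # Client side: random filler, password at the end, length, keyed with the old hash.
    pw = new_password.encode("utf-16-le")
    if len(pw) > 512:
        raise ValueError("password does not fit the 512-byte buffer")
    clear = os.urandom(512 - len(pw)) + pw + struct.pack("<I", len(pw))
    return rc4(old_hash, clear)

def choose_path(stored_nt, stored_lm, lm_present):
    # Steps 6-8: which stored hash keys the decryption; None means STATUS_WRONG_PASSWORD.
    if stored_nt is not None:
        return ("NT", stored_nt)
    if lm_present and stored_lm is not None:
        return ("LM", stored_lm)
    return None

def presented_clear_text(blob: bytes, key: bytes):
    # Steps 7.1 / 8.1: decrypt, then reject any layout that cannot be a password.
    if len(blob) != 516:
        return None
    clear = rc4(key, blob)
    (length,) = struct.unpack("<I", clear[512:])
    if length > 512 or length % 2:
        return None
    try:
        return clear[512 - length:512].decode("utf-16-le")
    except UnicodeDecodeError:
        return None

if __name__ == "__main__":
    old_nt = bytes(range(16))  # constructed stand-in for Stored-NT-Hash
    print(choose_path(old_nt, None, 0)[0], presented_clear_text(seal_new_password("N3w-Passw0rd!", old_nt), old_nt))
```

A blob that parses cleanly does not by itself show that the client knew the old password; that is established only by the comparison in step 9.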