Today I was facing the issue to have to change my users password in a Active Directory Domain where I was not DomainAdmin.
Usually you just hit CRTL+ALT+DEL (STRG+ALT+ENTF on a german keyboard) and get to the Windows Security screeen where you can click on
“Change a password”,
now in a RDP Session this doesn’t help, as you’d get the original/source computers (the one that you are physically sitting in fromt of) Windows Security screen and would change the password of the user you logged on to this computer with, which does not need to be the same. For example in an administrators world, where you log on to the computer on your desk/lap using non admin credentials and from there RDP into an admin hop workstation or Terminalserver and do your job from there. (quite common setup actually)
That said with just one RDP session it’s quite easy to solve, as instead of CRTL+ALT+DEL you just press CRTL+ALT+END (STRG+ALT+ENDE on a german keyboard) and the computer you RDP into Windows Security Screen pops up and you can click “change a password”.
Now if you RDP into the Admin Hop and from there RDP into another server (cascading RDP sessions) I have not found an easy way to get to the Windows Security screeen using CRTL+ALT+DEL or +END as those will bring us the first two hop computers screens, not the final ones.
With that: How to change the (domain) users password on that last session in the chain?
Quite easy actually, use the command line aka CMD.EXE (non administrative as you’d like to change the current users password) and type
net user yourusername * /domain
Got to use /domain only if it is an Active Directory based user account you’re logged on with.
This did the trick for me today , still have not found a way to get to the Windows Security screen in such a cascaded RDP session though…