Change different domain account without being admin Windows

I have 2 accounts on a domain.

I can log into a citrix virtual desktop with the one account fine, but the other won't let me log into anything until I first change my password. I am remote, so I can't log into an RDP session to the servers I have access to without changing my password first.

Is it possible to change my password on my other account knowing the password but not being able to log into anything with that account?


Solution 1:

Yes, you can change the password on another account from a domain joined (and connected) machine.

Hit Ctrl+Alt+Del (if this is a remote session it might be bound to something else - according to this link, Citrix Virtual Desktop uses Ctrl+F1 when not full screen, whilst Ctrl+Alt+End is popular in other clients) and selecting Change a password... (shown below).

Windows Server 2008 R2 Ctrl+Alt+Del screen

On this screen you can change the username to the account you're looking to change the password for, and enter your old and new passwords (shown below).

Windows Server 2008 R2 Change Password screen

Assuming the machine is currently connected to a domain controller, this will work.

Solution 2:

Several folks here are confusing password resets with password changes. They are distinct in the Windows world! A password change requires knowledge of the old password, and the SELF identity has permission to Change Password on any user object, by default, in Active Directory.

A password reset is what an admin does, with no knowledge of the prior password. This requires elevated privileges. Also, password history is not enforced for password resets.