MSChapSrvChangePassword2 function (mschapp.h)
The MSChapSrvChangePassword2 function changes the password of a user account while supporting mutual encryption.
Syntax
DWORD MSChapSrvChangePassword2(
[in] PWSTR ServerName,
[in] PWSTR UserName,
[in] PSAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldNt,
[in] PENCRYPTED_NT_OWF_PASSWORD OldNtOwfPasswordEncryptedWithNewNt,
[in] BOOLEAN LmPresent,
[in] PSAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm,
[in] PENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewLmOrNt
);
Parameters
[in] ServerName
A pointer to a null-terminated Unicode string that specifies the Universal Naming Convention (UNC) name of the server on which to operate. If this parameter is NULL, the function operates on the local computer.
[in] UserName
A pointer to a null-terminated Unicode string that specifies the name of the user whose password is being changed.
[in] NewPasswordEncryptedWithOldNt
A pointer to a SAMPR_ENCRYPTED_USER_PASSWORD structure that contains the new clear text password encrypted using the current NT one-way function (OWF) password hash as the encryption key.
[in] OldNtOwfPasswordEncryptedWithNewNt
A pointer to an ENCRYPTED_NT_OWF_PASSWORD structure that contains the old NT OWF password hash encrypted using the new NT OWF password hash as the encryption key.
[in] LmPresent
A BOOLEAN that specifies whether the current LAN Manager (LM) or NT OWF password hashes are used as the encryption keys to generate the NewPasswordEncryptedWithOldNt and OldNtOwfPasswordEncryptedWithNewNt ciphers. If TRUE, the LM OWF password hashes are used rather than the NT OWF password hashes.
[in] NewPasswordEncryptedWithOldLm
A pointer to a SAMPR_ENCRYPTED_USER_PASSWORD structure that contains the new clear text password encrypted using the current LM OWF password hash.
[in] OldLmOwfPasswordEncryptedWithNewLmOrNt
A pointer to an ENCRYPTED_LM_OWF_PASSWORD structure that contains the current LM OWF password hash encrypted using the new LM OWF password hash.
Return value
If the function succeeds, the return value is STATUS_SUCCESS (0x00000000).
If the function fails, the return value is one of the following error codes from ntstatus.h.
| Return code/value | Description |
|---|---|
| | The calling application does not have the appropriate privilege to complete the operation. |
| | The specified server or user name was not valid. |
| | New password is poorly formed, for example, it contains characters that cannot be entered from the keyboard. |
| | A restriction prevents the password from being changed. Possible restrictions include time restrictions on how often a password is allowed to be changed or length restrictions on the provided password. This error is also returned if the new password matches a password in the recent history log for the account. Security administrators specify how many of the most recently used passwords are not available for re-use. These are kept in the password recent history log. |
| | The old password parameter does not match the user's current password. |
| | The domain controller is not in an enabled state. The domain controller must be enabled for this operation. |
| | The domain controller is serving in the incorrect role to perform the requested operation. The operation can only be performed by the primary domain controller. |
Remarks
This function allows users to change their own passwords only if they have the USER_CHANGE_PASSWORD access right.
This function fails with STATUS_PASSWORD_RESTRICTION if the attempt to change the password conflicts with an administrative password restriction.
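The function expects NewPasswordEncryptedWithOldNt to arrive already encrypted, so the following added example (not code from this page or from Microsoft) shows how that one blob is packed by a caller and validated by a receiver. It assumes the layout and RC4 keying that the MS-SAMR specification gives for SAMPR_ENCRYPTED_USER_PASSWORD (a 512-byte area with the UTF-16LE password right-aligned, followed by a 4-byte length); the helper names are hypothetical, the 16-byte key stands in for the current NT OWF hash, and the two OWF-hash parameters are not covered.

```c
#include <stdint.h>
#include <string.h>
#define PW_AREA 512           /* room for 256 UTF-16 code units */
#define PW_BLOB (PW_AREA + 4) /* plus a 32-bit little-endian byte length */

/* RC4 keystream XOR: the same call encrypts and decrypts. */
static void rc4_xor(const uint8_t *key, size_t klen, uint8_t *data, size_t n)
{
    uint8_t S[256], t;
    size_t i, j = 0, k;
    for (i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (j + S[i] + key[i % klen]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    for (i = j = k = 0; k < n; k++) {
        i = (i + 1) & 0xff; j = (j + S[i]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
        data[k] ^= S[(S[i] + S[j]) & 0xff];
    }
}

/* Caller side (hypothetical helper). blob must already hold CSPRNG output, which
   becomes the padding; pw is UTF-16LE; old_owf is a 16-byte key. -1 if pw cannot fit. */
int pack_new_password(uint8_t *blob, const uint8_t *pw, uint32_t pwlen,
                      const uint8_t *old_owf)
{
    if (pwlen > PW_AREA || (pwlen & 1)) return -1;
    memcpy(blob + PW_AREA - pwlen, pw, pwlen);   /* password is right-aligned */
    blob[PW_AREA] = (uint8_t)pwlen; blob[PW_AREA + 1] = (uint8_t)(pwlen >> 8);
    blob[PW_AREA + 2] = blob[PW_AREA + 3] = 0;
    rc4_xor(old_owf, 16, blob, PW_BLOB);
    return 0;
}

/* Receiver side (hypothetical helper). Decrypts a copy and validates Length before
   using it as an offset; returns the byte length, or -1 (where a wrong key almost always ends). */
int unpack_new_password(const uint8_t *blob, const uint8_t *old_owf, uint8_t *out)
{
    uint8_t tmp[PW_BLOB], *l = tmp + PW_AREA;
    uint32_t len;
    int rc = -1;
    memcpy(tmp, blob, PW_BLOB);
    rc4_xor(old_owf, 16, tmp, PW_BLOB);
    len = l[0] | (uint32_t)l[1] << 8 | (uint32_t)l[2] << 16 | (uint32_t)l[3] << 24;
    if (len <= PW_AREA && !(len & 1)) { memcpy(out, tmp + PW_AREA - len, len); rc = (int)len; }
    memset(tmp, 0, sizeof tmp);   /* prefer SecureZeroMemory on Windows */
    return rc;
}
```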
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Target Platform | Windows |
Header | mschapp.h |
Library | Advapi32.lib |
DLL | Advapi32.dll |