Use the ChangeUserPassword procedure of the Managed Active Directory namespace to change a user's password.
This procedure expects to be called with impersonate="1". The procedure impersonates the caller.
<request>
<procedure>
<execute namespace="Managed Active Directory" procedure="ChangeUserPassword">
<executeData>
<user>LDAP://CN=myUser1,CN=Users,DC=contoso,DC=com</user>
<oldPassword do-not-log="1">myOldPassword</oldPassword>
<newPassword do-not-log="1">myNewPassword</newPassword>
<preferredDomainController>myPrimaryDC.contoso.com
</preferredDomainController>
</executeData>
</execute>
</procedure>
</request>
The following input is valid for this request:
Use the <user> element to specify the Lightweight Directory Access Protocol (LDAP) path of the user whose password you want to change.
<user>LDAP://LDAP path of the user</user>
Use the <oldPassword do-not-log="1"> element to specify the new password for the user.
<oldPassword do-not-log="1">old password</oldPassword>
Use the <newPassword do-not-log="1"> element to, specify the new password for the user.
<newPassword do-not-log="1">new password</newPassword>
By using the <preferredDomainController> element, you can specify the domain controller that you want to use for this request. Using a single preferred domain controller eliminates replication delays that arise between multiple controllers.
This information is optional.
<preferredDomainController>your domain controller</preferredDomainController>
The response to this procedure does not contain significant data.
Important