EN 
 
www.SAMURAJ-cz.com 
30.11.2025 Ondřej WELCOME IN MY WORLD
 
 
Petr Bouška
SAMURAJ-cz.com
IT Manager OKsystem
Veeam Vanguard
View profile

This website is originally written in the Czech language. Most content is machine (AI) translated into English. The translation may not be exact and may contain errors.

Tento článek si můžete zobrazit v originální české verzi. You can view this article in the original Czech version.
Změna hesla nebo jména doménového účtu

Changing the domain account password or name

| Petr Bouška - Samuraj |
This article provides more general information on how to change the password of a domain user (who is active with a valid password) in a corporate environment with a Microsoft domain. The detailed options depend on the environment, and the services used, of the company in question. We do not deal here with password expiration situations, where a change dialog may pop up. Instead, we will look at situations where the user is working remotely. When we change the password of a domain account, we often have to take a few extra steps because the old password is used differently. The situation is somewhat similar when the username is changed (for example, when changing the last name).
displayed: 12 092x (10 572 CZ, 1 520 EN) | Comments [1]

Domain account is the standard main user account under which we work on the computer, receive email, and log in to a variety of applications. It can be synchronized to the Microsoft cloud, so we use it for Microsoft 365 / Office 365 services as well. It uses the same name (which may have different capitalizations) and password everywhere, and in some places it has automatic login (SSO).

Changing Details During Remote Work

The situation is more complicated when we are not physically working in the office, but remotely through a VPN. If we connect to the remote desktop of a computer located in the office, everything is relatively standard.

But if we work on a company laptop that is not located in the office, the situation is more complex. The laptop, when starting up and logging in to the OS, cannot communicate with the company domain controller. Therefore, a cached user profile is used, including stored domain login information. If our name or password in the domain changes, these changes will not be reflected in the cached profile until they are updated from the domain controller.

Options for Changing the Password

On the Computer Locally or via RDP

  • If we are working on a computer in the office, we press the key combination Ctrl+Alt+Del and use the Change a password option.
  • If we are connected to the computer via remote desktop, we similarly use Ctrl+Alt+End.
  • If we are working on a company laptop outside the office, we establish a full VPN connection and use the first option Ctrl+Alt+Del.
Windows změna hesla 1 Windows změna hesla 2

Through the Email Web Interface (OWA)

If the company runs an Exchange server and has the web interface enabled, we can use it to change the domain account password (which has a mailbox). This can be used by users who do not have a computer on the company's internal network.

  • we log in to Outlook Web App (OWA, recently renamed to Outlook on the web)
  • in the top right, we click on the gear icon and choose Options
Outlook Web App - změna hesla 1
  • in the left menu, we choose General - My account
  • on the right side, there is a link Change your password
Outlook Web App - změna hesla 2
  • we enter the old and new password and confirm Save
Outlook Web App - změna hesla 3

Using Azure AD (Office 365 / Microsoft 365)

If the company uses Office 365 / Microsoft 365 services, it synchronizes users and passwords bidirectionally (between the local AD domain and the cloud Azure AD Tenant) and has SSPR enabled. Then we can change the domain account password in the web account management at Microsoft (similar to the email web interface). We can also set a new password if we forget the current one. But we must have registered verification methods for password reset.

More detailed description is at the end of the article Azure AD modern authentication, self-service password reset (SSPR).

What Changing Password or Name Affects

If we have stored name and password somewhere, or have active connections established, they become invalid after the change. If the password is changed, in that case the invalid password is sent and the account may be locked. Therefore, we need to terminate (newly establish) the connection and delete or update the stored credentials.

Updating Stored Domain Login Information

If we are working on a company laptop outside the office and the password has changed somewhere other than directly on the laptop (e.g. through the web interface), we need to update the stored credentials.

  • establish a full VPN connection
  • lock the computer Windows key + L
  • unlock the computer and log in with the new password (may take a longer time)

Restarting the Computer

After changing the password or name, it's a good idea to restart the company computer to terminate all established connections and re-establish them with the new credentials.

New VPN Connection

If we are connected via VPN and have changed the password, it's a good idea to terminate the VPN connection and re-establish it with the new password.

Established Connections

If we have any other connections to company services, we need to terminate and re-establish them. This may include RDP connections to company servers, Outlook connections from another computer, etc.

Stored Passwords

The most common problem is various remembered login credentials in different applications. We need to think through and change all of them, otherwise the account will continue to be locked.

  • In Windows - various login dialogs in the OS allow saving credentials, which are then managed using the Credential Manager (Control Panel - User Accounts - Manage your credentials) under Windows Credentials and Web Credentials
  • In web browsers - non-Microsoft browsers may store credentials from web forms
  • Mobile phone - we often have email synchronization set up on our mobile phone, where the password is stored
Author:

Related articles:

Windows OS

Articles dedicated to Microsoft operating systems, both client and server.

Active Directory and the LDAP protocol

Managing a corporate computer network using Microsoft OS usually means managing Active Directory Domain Services (AD DS). It is a very extensive group of technologies, protocols and services. The basis is directory services, authentication and the LDAP communication protocol.

If you want write something about this article use comments.

Comments
  1. [1] Michal

    Přesně takový návod jsem taky dělal, jen teda v angličtině. Implementoval jsem skript, který denně projíždí všechny usery a ty, kterým končí platnost během 14ti dnů to denně otravuje. Opruz totiž je, pokud jim heslo vyprší :) Chvilku remcali, ale zvykli si :) Od té doby klid...

    Monday, 16.08.2021 16:08 | answer
Add comment

Insert tag: strong em link

Help:
  • maximum length of comment is 2000 characters
  • HTML tags are not allowed (they will be removed), you can use only the special tags listed above the input field
  • new line (ENTER) ends paragraph and start new one
  • when you respond to a comment, put the original comment number in squar brackets at the beginning of the paragraph (line)