The Change Password function for the Account produces the following error:
[10/29/2018 16:28:21] Gathering the change details for EXAMPLEUSER on EXAMPLE.COM...
[10/29/2018 16:28:21] Checking account EXAMPLEUSER on EXAMPLE.COM using EXAMPLE.COM\tpamuser...
[10/29/2018 16:28:23] Calling LDAP SetPassword for CN=EXAMPLEUSER, DC=com, EXAMPLE.COM\tpamuser on DC01.EXAMPLE.COM using EXAMPLE.COM\tpamuser...
[10/29/2018 16:28:23] Setting the new password for Services on EXAMPLE.COM (DC01.EXAMPLE.COM).
[10/29/2018 16:28:24] Error connecting to DC01.EXAMPLE.COM as EXAMPLE.COM\tpamuser to change service passwords: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
[10/29/2018 16:28:24] Setting the new password for Scheduled Tasks on EXAMPLE.COM (DC01.EXAMPLE.COM).
[10/29/2018 16:28:24] System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) at Microsoft.Win32.TaskScheduler.V2Interop.TaskSchedulerClass.Connect(Object serverName, Object user, Object domain, Object password) at Microsoft.Win32.TaskScheduler.TaskService.Connect() at Microsoft.Win32.TaskScheduler.TaskService..ctor(String targetServer, String userName, String accountDomain, String password, Boolean forceV1) at Quest.Perl.DirectoryServices.AccountManager.GetTaskService(String netAddress, String funcAccount, String funcAccountPwd, String& domain, String& userId) at Quest.Perl.DirectoryServices.AccountManager.ChangeTasksPwd(String netAddress, String[] accountNameFormats, String newPwd, String funcAccount, String funcAccountPwd)
[10/29/2018 16:28:24] The password for EXAMPLEUSER on EXAMPLE.COM was successfully changed.
[10/29/2018 16:28:25] Processed the password change for EXAMPLEUSER on EXAMPLE.COM in 3.4311963 seconds
If attempting to change a password for a dependent system but the checkboxes for the following settings are checked, the change password function produces the above error.
The checkboxes apply only to the system where the account originates. For a Directory account, this would be the Domain FQDN or specific Domain Controller depending on the System's Network Address. The settings cause TPAM to attempt to change the password for tasks and services on the Domain Controller.
Ensure these checkboxes are unchecked on the account:
On dependent systems, TPAM tries to change the password for tasks. For Services, TPAM tries to change the password and restart the service. To have control over these options, use a local account for service and task management.
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center