Domain Admin can't reset Userpassword

[mike59999]

Hi,

i have added a new User in AD and made him a Member of "Domain Admins".
With this User i can modify/delete Entries like Users but i can not reset Password of Users.
I already tried to delegate Control to the User but it's not working.

[trysomething]

Not sure exactly what's going on BUT I'd venture a guess that there's something going on with your domain accounts vs. your local accounts.
I had run into a kind of similar situation and just added the Domain Admin account to the sudoers group in the terminal.
As a sudo user in terminal try the following code:

sudo usermod -a -G sudo <username goes here>

Honestly I have no clue if that's the "right" way to do it, but it worked like a champ for me!

[mike59999]

Hi,

the Problem is solved. There was a Microsoft Update which changed some Settings. If somebody has the same Problem you simply need to edit your Windowsregistry.
Under the Path "HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb" add a new dwordvalue with name "ProtectionPolicy" and Value 1. I have deployed this via GPO and since them all Problems are gone.

Link to Original Thread: https://social.technet.microsoft.com/Forums/windows/en-US/47faab6b-d717-4068-bee4-c694811e0066/credential-manager-problems-error-0x80090345

[trysomething]

I thought that was fixed in v4.1 - I kind of remember something about that but being honest I've read soooooooooo much trying to figure it all out LoL.  I had completely forgotten about that but I think (maybe ask my buddy Google cuz he knows EVERYTHING) installing winnbind fixes that.  I'll see if I ever made any notes about that and if I find anything I'll post it back in this thread.
In the meantime, thanks for the post and info, it's always nice to have more resources to look back on going forward!  Great job getting it solved!!!