diff --git a/reactos/dll/win32/samlib/samlib.c b/reactos/dll/win32/samlib/samlib.c
index 1b28ba309ac..be6b3541808 100644
--- a/reactos/dll/win32/samlib/samlib.c
+++ b/reactos/dll/win32/samlib/samlib.c
@@ -136,7 +136,7 @@ SamAddMemberToGroup(IN SAM_HANDLE GroupHandle,
 {
     NTSTATUS Status;
 
-    TRACE("SamAddMemberToGroup(%p %lu %lx)",
+    TRACE("SamAddMemberToGroup(%p %lu %lx)\n",
           GroupHandle, MemberId, Attributes);
 
     RpcTryExcept
@@ -188,6 +188,43 @@ SamAddMultipleMembersToAlias(IN SAM_HANDLE AliasHandle,
 }
 
 
+NTSTATUS
+NTAPI
+SamChangePasswordUser(IN SAM_HANDLE UserHandle,
+                      IN PUNICODE_STRING OldPassword,
+                      IN PUNICODE_STRING NewPassword)
+{
+    UNIMPLEMENTED;
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+
+NTSTATUS
+NTAPI
+SamChangePasswordUser2(IN PUNICODE_STRING ServerName,
+                       IN PUNICODE_STRING UserName,
+                       IN PUNICODE_STRING OldPassword,
+                       IN PUNICODE_STRING NewPassword)
+{
+    UNIMPLEMENTED;
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+
+NTSTATUS
+NTAPI
+SamChangePasswordUser3(IN PUNICODE_STRING ServerName,
+                       IN PUNICODE_STRING UserName,
+                       IN PUNICODE_STRING OldPassword,
+                       IN PUNICODE_STRING NewPassword,
+                       OUT PDOMAIN_PASSWORD_INFORMATION *EffectivePasswordPolicy,
+                       OUT PUSER_PWD_CHANGE_FAILURE_INFORMATION *PasswordChangeFailureInfo)
+{
+    UNIMPLEMENTED;
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+
 NTSTATUS
 NTAPI
 SamCloseHandle(IN SAM_HANDLE SamHandle)
diff --git a/reactos/dll/win32/samlib/samlib.spec b/reactos/dll/win32/samlib/samlib.spec
index 94b0b01cf1d..161ce8de44c 100644
--- a/reactos/dll/win32/samlib/samlib.spec
+++ b/reactos/dll/win32/samlib/samlib.spec
@@ -1,9 +1,9 @@
 @ stdcall SamAddMemberToAlias(ptr ptr)
 @ stdcall SamAddMemberToGroup(ptr long long)
 @ stdcall SamAddMultipleMembersToAlias(ptr ptr long)
-@ stub SamChangePasswordUser2
-@ stub SamChangePasswordUser3
-@ stub SamChangePasswordUser
+@ stdcall SamChangePasswordUser2(ptr ptr ptr ptr)
+@ stdcall SamChangePasswordUser3(ptr ptr ptr ptr ptr ptr)
+@ stdcall SamChangePasswordUser(ptr ptr ptr)
 @ stdcall SamCloseHandle(ptr)
 @ stdcall SamConnect(ptr ptr long ptr)
 @ stub SamConnectWithCreds
diff --git a/reactos/include/ddk/ntsam.h b/reactos/include/ddk/ntsam.h
index 886be4608bb..16883866db6 100644
--- a/reactos/include/ddk/ntsam.h
+++ b/reactos/include/ddk/ntsam.h
@@ -187,12 +187,12 @@ extern "C" {
 #define USER_PARTIAL_SECRETS_ACCOUNT                0x00100000
 #define USER_USE_AES_KEYS                           0x00200000
 
-/* Constants uses by LOGON_HOURS.UnitsPerWeek */
+/* Constants used by LOGON_HOURS.UnitsPerWeek */
 #define SAM_DAYS_PER_WEEK        (7)
 #define SAM_HOURS_PER_WEEK       (24 * SAM_DAYS_PER_WEEK)
 #define SAM_MINUTES_PER_WEEK     (60 * SAM_HOURS_PER_WEEK)
 
-/* Flags used in USER_ALL_INFORMATION.WhichField */
+/* Flags used by USER_ALL_INFORMATION.WhichField */
 #define USER_ALL_USERNAME           0x00000001
 #define USER_ALL_FULLNAME           0x00000002
 #define USER_ALL_USERID             0x00000004
@@ -225,6 +225,26 @@ extern "C" {
 #define USER_ALL_OWFPASSWORD        0x20000000
 #define USER_ALL_UNDEFINED_MASK     0xC0000000
 
+/* Values used by USER_PWD_CHANGE_FAILURE_INFORMATION.ExtendedFailureReason */
+#define SAM_PWD_CHANGE_NO_ERROR                     0
+#define SAM_PWD_CHANGE_PASSWORD_TOO_SHORT           1
+#define SAM_PWD_CHANGE_PWD_IN_HISTORY               2
+#define SAM_PWD_CHANGE_USERNAME_IN_PASSWORD         3
+#define SAM_PWD_CHANGE_FULLNAME_IN_PASSWORD         4
+#define SAM_PWD_CHANGE_NOT_COMPLEX                  5
+#define SAM_PWD_CHANGE_MACHINE_PASSWORD_NOT_DEFAULT 6
+#define SAM_PWD_CHANGE_FAILED_BY_FILTER             7
+#define SAM_PWD_CHANGE_PASSWORD_TOO_LONG            8
+#define SAM_PWD_CHANGE_FAILURE_REASON_MAX           8
+
+/* Flags used by DOMAIN_PASSWORD_INFORMATION.PasswordProperties */
+#define DOMAIN_PASSWORD_COMPLEX             0x00000001L
+#define DOMAIN_PASSWORD_NO_ANON_CHANGE      0x00000002L
+#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE     0x00000004L
+#define DOMAIN_LOCKOUT_ADMINS               0x00000008L
+#define DOMAIN_PASSWORD_STORE_CLEARTEXT     0x00000010L
+#define DOMAIN_REFUSE_PASSWORD_CHANGE       0x00000020L
+#define DOMAIN_NO_LM_OWF_CHANGE             0x00000040L
 
 typedef PVOID SAM_HANDLE, *PSAM_HANDLE;
 typedef ULONG SAM_ENUMERATE_HANDLE, *PSAM_ENUMERATE_HANDLE;
@@ -295,6 +315,18 @@ typedef enum _DOMAIN_SERVER_ROLE
     DomainServerRolePrimary
 } DOMAIN_SERVER_ROLE, *PDOMAIN_SERVER_ROLE;
 
+#ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED
+#define _DOMAIN_PASSWORD_INFORMATION_DEFINED
+typedef struct _DOMAIN_PASSWORD_INFORMATION
+{
+    USHORT MinPasswordLength;
+    USHORT PasswordHistoryLength;
+    ULONG PasswordProperties;
+    LARGE_INTEGER MaxPasswordAge;
+    LARGE_INTEGER MinPasswordAge;
+} DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
+#endif
+
 #include "pshpack4.h"
 typedef struct _DOMAIN_GENERAL_INFORMATION
 {
@@ -337,6 +369,12 @@ typedef struct _DOMAIN_SERVER_ROLE_INFORMATION
     DOMAIN_SERVER_ROLE DomainServerRole;
 } DOMAIN_SERVER_ROLE_INFORMATION, *PDOMAIN_SERVER_ROLE_INFORMATION;
 
+typedef struct _DOMAIN_MODIFIED_INFORMATION
+{
+    LARGE_INTEGER DomainModifiedCount;
+    LARGE_INTEGER CreationTime;
+} DOMAIN_MODIFIED_INFORMATION, *PDOMAIN_MODIFIED_INFORMATION;
+
 typedef struct _DOMAIN_STATE_INFORMATION
 {
     DOMAIN_SERVER_ENABLE_STATE DomainServerState;
@@ -357,6 +395,20 @@ typedef struct _DOMAIN_GENERAL_INFORMATION2
 } DOMAIN_GENERAL_INFORMATION2, *PDOMAIN_GENERAL_INFORMATION2;
 #include "poppack.h"
 
+typedef struct _DOMAIN_LOCKOUT_INFORMATION
+{
+    LARGE_INTEGER LockoutDuration;
+    LARGE_INTEGER LockoutObservationWindow;
+    USHORT LockoutThreshold;
+} DOMAIN_LOCKOUT_INFORMATION, *PDOMAIN_LOCKOUT_INFORMATION;
+
+typedef struct _DOMAIN_MODIFIED_INFORMATION2
+{
+    LARGE_INTEGER DomainModifiedCount;
+    LARGE_INTEGER CreationTime;
+    LARGE_INTEGER ModifiedCountAtLastPromotion;
+} DOMAIN_MODIFIED_INFORMATION2, *PDOMAIN_MODIFIED_INFORMATION2;
+
 typedef enum _GROUP_INFORMATION_CLASS
 {
     GroupGeneralInformation = 1,
@@ -594,6 +646,11 @@ typedef struct _USER_ALL_INFORMATION
 } USER_ALL_INFORMATION, *PUSER_ALL_INFORMATION;
 #include "poppack.h"
 
+typedef struct _USER_PWD_CHANGE_FAILURE_INFORMATION
+{
+    ULONG ExtendedFailureReason;
+    UNICODE_STRING FilterModuleName;
+} USER_PWD_CHANGE_FAILURE_INFORMATION, *PUSER_PWD_CHANGE_FAILURE_INFORMATION;
 
 #define SAM_SID_COMPATIBILITY_ALL    0
 #define SAM_SID_COMPATIBILITY_LAX    1
@@ -617,6 +674,28 @@ SamAddMultipleMembersToAlias(IN SAM_HANDLE AliasHandle,
                              IN PSID *MemberIds,
                              IN ULONG MemberCount);
 
+NTSTATUS
+NTAPI
+SamChangePasswordUser(IN SAM_HANDLE UserHandle,
+                      IN PUNICODE_STRING OldPassword,
+                      IN PUNICODE_STRING NewPassword);
+
+NTSTATUS
+NTAPI
+SamChangePasswordUser2(IN PUNICODE_STRING ServerName,
+                       IN PUNICODE_STRING UserName,
+                       IN PUNICODE_STRING OldPassword,
+                       IN PUNICODE_STRING NewPassword);
+
+NTSTATUS
+NTAPI
+SamChangePasswordUser3(IN PUNICODE_STRING ServerName,
+                       IN PUNICODE_STRING UserName,
+                       IN PUNICODE_STRING OldPassword,
+                       IN PUNICODE_STRING NewPassword,
+                       OUT PDOMAIN_PASSWORD_INFORMATION *EffectivePasswordPolicy,
+                       OUT PUSER_PWD_CHANGE_FAILURE_INFORMATION *PasswordChangeFailureInfo);
+
 NTSTATUS
 NTAPI
 SamCloseHandle(IN SAM_HANDLE SamHandle);
diff --git a/reactos/include/psdk/ntsecapi.h b/reactos/include/psdk/ntsecapi.h
index 7f9606f35c0..2aa1ec3918e 100644
--- a/reactos/include/psdk/ntsecapi.h
+++ b/reactos/include/psdk/ntsecapi.h
@@ -327,6 +327,8 @@ typedef enum _LSA_FOREST_TRUST_COLLISION_RECORD_TYPE {
   CollisionXref,
   CollisionOther
 } LSA_FOREST_TRUST_COLLISION_RECORD_TYPE;
+#ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED
+#define _DOMAIN_PASSWORD_INFORMATION_DEFINED
 typedef struct _DOMAIN_PASSWORD_INFORMATION {
   USHORT MinPasswordLength;
   USHORT PasswordHistoryLength;
@@ -334,6 +336,7 @@ typedef struct _DOMAIN_PASSWORD_INFORMATION {
   LARGE_INTEGER MaxPasswordAge;
   LARGE_INTEGER MinPasswordAge;
 } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
+#endif
 typedef ULONG LSA_ENUMERATION_HANDLE, *PLSA_ENUMERATION_HANDLE;
 typedef struct _LSA_ENUMERATION_INFORMATION {
   PSID Sid;
diff --git a/reactos/include/reactos/idl/sam.idl b/reactos/include/reactos/idl/sam.idl
index 07c792223da..f4ae902a13f 100644
--- a/reactos/include/reactos/idl/sam.idl
+++ b/reactos/include/reactos/idl/sam.idl
@@ -158,12 +158,12 @@ typedef enum _DOMAIN_SERVER_ROLE
 } DOMAIN_SERVER_ROLE, *PDOMAIN_SERVER_ROLE;
 cpp_quote("#endif")
 
-cpp_quote("#ifndef _NTSECAPI_H")
+cpp_quote("#if !defined(_NTSECAPI_H) && !defined(_NTSAM_)")
 typedef struct _DOMAIN_PASSWORD_INFORMATION
 {
-    unsigned short MinPasswordLength;
-    unsigned short PasswordHistoryLength;
-    unsigned long PasswordProperties;
+    USHORT MinPasswordLength;
+    USHORT PasswordHistoryLength;
+    ULONG PasswordProperties;
     OLD_LARGE_INTEGER MaxPasswordAge;
     OLD_LARGE_INTEGER MinPasswordAge;
 } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
@@ -179,7 +179,6 @@ typedef struct _DOMAIN_SERVER_ROLE_INFORMATION
 {
     DOMAIN_SERVER_ROLE DomainServerRole;
 } DOMAIN_SERVER_ROLE_INFORMATION, *PDOMAIN_SERVER_ROLE_INFORMATION;
-cpp_quote("#endif")
 
 typedef struct _DOMAIN_MODIFIED_INFORMATION
 {
@@ -193,6 +192,7 @@ typedef struct _DOMAIN_MODIFIED_INFORMATION2
     OLD_LARGE_INTEGER CreationTime;
     OLD_LARGE_INTEGER ModifiedCountAtLastPromotion;
 } DOMAIN_MODIFIED_INFORMATION2, *PDOMAIN_MODIFIED_INFORMATION2;
+cpp_quote("#endif")
 
 cpp_quote("#include <pshpack4.h>")
 typedef struct _SAMPR_DOMAIN_GENERAL_INFORMATION