RE: [ActiveDir] Password change issue
We had a discussion involving this very issue on this list last week - MS has a KB article that describes this: http://support.microsoft.com/?scid=812499 There is a hotfix (referenced in this article), and the fix is included in Win2K SP4. Hope this helps...we're updating all our DCs to SP4 now, so we'll see... Dave -Original Message- From: Carr, Jonathan (OFT) [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 6:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password change issue OK here it is... PDC emulator at a central site. DC at a remote site connected to Central site VIA a WAN link have Bridgehead with scheduled replication to remote sites Have GP that has strong password , Max password life 90 days, Min password life 1 days User contacts help desk because they forgot password (password was old123$) and locked their acct Helpdesk at Central site reset acct and password (newpassword new123$)and ck box to have user change password at next logon User logs in with password (new123$) from Help Desk The local Dc does a Pass thru authentication to the PDC emulator which returns a authentication packet to the client PC User gets Must change password Dialog box In the dialog box the old password is automatically back filled with the password (new123$) he logon with User enter new password (newer123$)and confirms it. When the user tries to finalize the change password he get blow out by old password not correct. the local dc is trying to commit the password change If the user enters his original password (old123$)(kind of tuff cause he forgot it that is why he called the help desk in the first place) in the old password box and enters a new one (newer123$) He is ok and allowed to go foward. This is really strange I Know why it happens. If you force replication thru out the domain before the user logs on this does not happen but that would be a no no in this place. If change the password on the PDC emulator and the local dc it does not happen. anyone got a valid reason why the client pc does this?? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Password change issue
Shaking head still hawking this old tired solution, eh? ;o) You've been busy tonight - you're weighing in on everything in one night. I just want to see the time when Joe answers questions 12 hours in advance. Now THAT would be a time saver Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent: Thursday, August 07, 2003 10:24 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Password change issue Get Q812499 or SP4. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan (OFT) Sent: Thursday, August 07, 2003 7:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password change issue OK here it is... PDC emulator at a central site. DC at a remote site connected to Central site VIA a WAN link have Bridgehead with scheduled replication to remote sites Have GP that has strong password , Max password life 90 days, Min password life 1 days User contacts help desk because they forgot password (password was old123$) and locked their acct Helpdesk at Central site reset acct and password (newpassword new123$)and ck box to have user change password at next logon User logs in with password (new123$) from Help Desk The local Dc does a Pass thru authentication to the PDC emulator which returns a authentication packet to the client PC User gets Must change password Dialog box In the dialog box the old password is automatically back filled with the password (new123$) he logon with User enter new password (newer123$)and confirms it. When the user tries to finalize the change password he get blow out by old password not correct. the local dc is trying to commit the password change If the user enters his original password (old123$)(kind of tuff cause he forgot it that is why he called the help desk in the first place) in the old password box and enters a new one (newer123$) He is ok and allowed to go foward. This is really strange I Know why it happens. If you force replication thru out the domain before the user logs on this does not happen but that would be a no no in this place. If change the password on the PDC emulator and the local dc it does not happen. anyone got a valid reason why the client pc does this?? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Password change issue
Get Q812499 or SP4. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan (OFT) Sent: Thursday, August 07, 2003 7:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password change issue OK here it is... PDC emulator at a central site. DC at a remote site connected to Central site VIA a WAN link have Bridgehead with scheduled replication to remote sites Have GP that has strong password , Max password life 90 days, Min password life 1 days User contacts help desk because they forgot password (password was old123$) and locked their acct Helpdesk at Central site reset acct and password (newpassword new123$)and ck box to have user change password at next logon User logs in with password (new123$) from Help Desk The local Dc does a Pass thru authentication to the PDC emulator which returns a authentication packet to the client PC User gets Must change password Dialog box In the dialog box the old password is automatically back filled with the password (new123$) he logon with User enter new password (newer123$)and confirms it. When the user tries to finalize the change password he get blow out by old password not correct. the local dc is trying to commit the password change If the user enters his original password (old123$)(kind of tuff cause he forgot it that is why he called the help desk in the first place) in the old password box and enters a new one (newer123$) He is ok and allowed to go foward. This is really strange I Know why it happens. If you force replication thru out the domain before the user logs on this does not happen but that would be a no no in this place. If change the password on the PDC emulator and the local dc it does not happen. anyone got a valid reason why the client pc does this?? List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Password change issue
Title: Message Are the clients Win 9x or NT4 machines? If so did you install the DSClient on them. The Dsclient allows those computers to change their passwords. -Original Message- From: cflesher [mailto:[EMAIL PROTECTED]] Sent: Friday, November 08, 2002 1:25 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password change issue I can change anyone's password from one of the DC's. However, no of our users can change their password from a client machine. It keeps saying that it is unable to change password at this time. Anyone know why it would do this? Replication is fine and all FSMO roles are up and talking. Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477
RE: [ActiveDir] Password change issue
Title: Message Also if they are legacy (9x) clients make sure they have the DSClient setup. This will allow them to change PW at any DC. Without it they need to be talking to the PDC emulator. Kevin -Original Message- From: cflesher [mailto:[EMAIL PROTECTED]] Sent: Friday, November 08, 2002 1:25 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password change issue I can change anyone's password from one of the DC's. However, no of our users can change their password from a client machine. It keeps saying that it is unable to change password at this time. Anyone know why it would do this? Replication is fine and all FSMO roles are up and talking. Chris Flesher The University of Chicago NSIT/DCS 1-773-834-8477