Heh thanks Rick. I am going to push that solution all the time, I worked too hard to get MS to make that change and stop giving the old tired answer of "change the password on the DC the user will authenticate on". :P
I had some time so I went through most of the posts. Been really busy lately with work and home and started feeling like a scrub for not doing my due diligence in the groups and listservs. People will forget who I am and all that... Plus this listserv was BUSY this week, usually it isn't quite so chatty. If I get to the point where I can answer questions 12 hours in advance you will not finding me posting much here... You will instead find me on the island of joe. That island will be the one currently named Aruba but renamed after I buy it from having the "answer questions 12 hours in advance" superpower... :) joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Friday, August 08, 2003 12:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Password change issue <Shaking head> still hawking this old tired solution, eh? ;o) You've been busy tonight - you're weighing in on everything in one night. I just want to see the time when Joe answers questions 12 hours in advance. Now THAT would be a time saver.... Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent: Thursday, August 07, 2003 10:24 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Password change issue Get Q812499 or SP4. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan (OFT) Sent: Thursday, August 07, 2003 7:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password change issue OK here it is... PDC emulator at a central site. DC at a remote site connected to Central site VIA a WAN link have Bridgehead with scheduled replication to remote sites Have GP that has strong password , Max password life 90 days, Min password life 1 days User contacts help desk because they forgot password (password was old123$) and locked their acct Helpdesk at Central site reset acct and password (newpassword new123$)and ck box to have user change password at next logon User logs in with password (new123$) from Help Desk The local Dc does a Pass thru authentication to the PDC emulator which returns a authentication packet to the client PC User gets "Must change password" Dialog box In the dialog box the old password is automatically back filled with the password (new123$) he logon with User enter new password (newer123$)and confirms it. When the user tries to finalize the change password he get blow out by old password not correct. the local dc is trying to commit the password change If the user enters his original password (old123$)(kind of tuff cause he forgot it that is why he called the help desk in the first place) in the old password box and enters a new one (newer123$) He is ok and allowed to go foward. This is really strange I Know why it happens. If you force replication thru out the domain before the user logs on this does not happen but that would be a no no in this place. If change the password on the PDC emulator and the local dc it does not happen. anyone got a valid reason why the client pc does this?? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
