Re: AD account lock

From: Herb Martin (news_at_LearnQuick.com)
Date: 12/03/04 

Date: Fri, 3 Dec 2004 01:52:28 -0600

"ET" <dumdum@dumdumdum.com> wrote in message
news:#dyookO2EHA.3324@tk2msftngp13.phx.gbl...
> For example, a particular user logs in using existing password. A prompt
> will say, after enter the password, that the password has expired and
> required to change to a new one. Then the process of entering a new
password
> the logon process continues and completes with the desktop now loaded.
Then
> the user clicks on MS Outlook to check for email and it prompts back a
> window asking for user's username, password and domain. Providing all
these
> information does not allow the user to go into his / her mailbox.
>
> Then when checking in AD Users and Computers and found that the user's
> account is locked. Unlock it and the user and access his / her mailbox and
> subsequently logging on with the new password to the computer.
>
> Is there some problem with the logon procedure? Or setting in the AD?

It sounds like a discrepancy between the current
user password and the one being present for service
authentication (e.g., email.)

Suggest that users logoff and back on after changing the
password and see if that helps.

1) Attempt to logon
2) Prompt to change password
3) Change and logon
4) Immediately LOGOFF
5) Logon again with the new password.

Now all of the session is with the new password.

ANOTHER Possibility:

You have multiple DCs that are not replicating (quickly).

Check each of these with DCDiag -- sending out put to a file
and search the text file output for FAIL, WARN, ERROR 

-- 
Herb Martin
>
>
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:u9nTS%23F2EHA.3908@TK2MSFTNGP12.phx.gbl...
> > "ET" <dumdum@dumdumdum.com> wrote in message
> > news:ua8SylB2EHA.936@TK2MSFTNGP12.phx.gbl...
> > > Hi,
> > >
> > > Some of our users are having problems when changing passwords. We have
> set
> > a
> > > group policy to have users to change their passwords from time to
time.
> > > However, some users when changing passwords would have their account
> > locked.
> > > After the account is unlocked they can use the new password to login.
> This
> > > happens in users using Windows 2000 as well as XP.
> > >
> > > Would any of you have idea of what the problem is?
> >
> > What are the precise circumstances?
> >
> > Are these Terminal Service users by any chance?
> >
> >
> > -- 
> > Herb Martin
> >
> >
> > >
> > > Thx in advance.
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Strange(?) OWA login problems
    ... What is the motivation in trying to logon as USERA and trying to access ... >> This issue normally fix all OWA login related problems. ... >>>prompt comes back. ... I tried to logon via Outlook ...
    (microsoft.public.exchange.admin)
  • Re: Start secure file without logging in a second time
    ... All you do is prompt the user for password, ... Why will the launch pad ask for a logon if your launch pad program is not ... No need to set the workgroup file. ... other secured database during the logon process, ...
    (comp.databases.ms-access)
  • RE: "computer Lock"
    ... NO LOGON PROMPT: ... RESUME FROM STANDBY/HIBERNATION: ... 'Prompt for password when computer resumes from standby' ... Windows XP Security Homepage: ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Password access for folders over network
    ... the network logon always uses the currently logged on user ... but you *can* get it to prompt for the password. ... username, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Audit Account Logon Events, Client IP address incorrect?
    ... "Herb Martin" wrote in message ... The next step is to run an IDS but that is a LOT of work UNLESS you will actively read and use the logs. ... I really should have written a Perl program to do that (probably something simple based on time stamps would get me close.) -- ... >> Probably because historically logon might happen over ...
    (microsoft.public.win2000.active_directory)