Domain Password Synchronisation
- From: "Steve Ireland" <Sandymount@xxxxxxxxxxx>
- Date: Mon, 2 Oct 2006 10:31:28 +0100
I have had trouble finding other people with similar issue probably due to
the phraseology I'm using when searching Google.
Background:
This is a Windows 2003 domain that I did not install/upgrade so I can't
vouch for it (in fact it's a bit of a mess). It was upgraded from an NT
domain with Exchange 5.5.
The W2K3 Exchange 2K3 (member) server is configured with an Active Directory
connector.
The Win2K Proxy (member) server is running ISA 2000 with a content filter
plugin called WebMarshall.
There are two Win2K3 domain controllers (there was an NT4 DC which had lost
communication with the domain months ago - I removed it's traces from Active
Directory and reinstalled it with Win2K3 as a member server - as far as I
can tell, there are no longer any Event errors relating to this server).
A lot of the XP desktops did not have SP2 installed and were, therefore, not
installing the latest updates from MS. This caused problems when users tried
to change their password at logon (they were prevented from doing so) once
it expired (due to the absence of certain security updates). That issue is
now resolved too.
There are many errors still in the Event logs of both DCs (one of the Dcs is
multihomed, which seems to be causing some authentication issues) that I am
trying to resolve.
I could spend all day describing the various problems, but I think I'll hold
off until asked.
The problem:
Essentially, after a period of time (which is possibly coinciding with the
expiration of the password - about one month) the user will login
successfully without being prompted to change their password. Once they open
IE (ISA 2000) or Outlook (Exchange 2003), they will be prompted again for
user id and password. Also if they try to access network shares, they will
be prompted for a password. Their password will not work when they try to
enter it. If they log off and log back in they will again get into Windows
without been prompted to change their password. However, Exchange and ISA
will not let them authenticate.
I used to get the users to Ctrl, Alt & Del and change their password and
the everything would work fine. However, recently, they might be told that
they do not have permission to change their password when logged into
Windows (they do, in ADU&C). If I go ahead and set their password to expire,
they log off and log on, are prompted to change their password - which they
do successfully - and then everything works fine.
Any pointers?
Thanks.
Steve.
.
- Follow-Ups:
- Re: Domain Password Synchronisation
- From: Jorge Silva
- Re: Domain Password Synchronisation
- From: Herb Martin
- Re: Domain Password Synchronisation
- Prev by Date: Re: Setting up new Child Domain
- Next by Date: Re: Internal Domain Name convention
- Previous by thread: Re: Setting up new Child Domain
- Next by thread: Re: Domain Password Synchronisation
- Index(es):
Relevant Pages
|
Loading
