Re: Password expires for no apparent reason
- From: "jx" <mc@xxxxxxxxxxx>
- Date: Mon, 6 Nov 2006 14:16:58 -0500
Run the gpupdate/force cmd on the client. Also run the gpresult cmd to see
which gpo s are getting applied on the client machine. Can you post the
config of the pwd settings?
"Patty" <Patty@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:875C6BB4-2557-4FE5-8E6A-D0E57E5693D0@xxxxxxxxxxxxxxxx
I am having the same problem with my user passwords. The domain policy is
'not configured' for minimum and maximum password age. Also, 'password
never
expires' is set for each user.
Any other ideas?
Thanks!
"Brian Delaney [MSFT]" wrote:
Hi,
Nice to hear from you again Harj. MS has been a great experience, great
to
be back in the field. Hope SpecOps is going well with you.
Steve, the minimum password age is there to prevent users from blowing
through the password history in a single day. Lets say you have a
password
history of 12 so that users cannot use a previous password until the 13th
password change. Minimum password age is there to prevent the user from
changing their password 13 times in a single day. The must wait 1 day
between each change in your configuration.
As Harj said Account lockouts could potentially be a problem as perhaps
the
users password has not expired but they are locked out after a few
unsuccessful attempts.
What I would recommend is the next time this problem happens check the
useraccountcontrol attribute of the user account before resetting the
password. This can be checked with adsiedit.msc or ldp.exe The
useraccountcontrol is a flag that tells the database the status of the
account. Based on this flag we can see if in fact the account password
has
expired, the account is locked out or if the account is normal. See
http://support.microsoft.com/kb/305144/ for more information on
useraccountcontrol.
Also, it would be nice if we could try to log the user in at a
workstation
when the problem occurs so that we can see what error message windows
gives
us trying to log the user on.
Hope this helps,
Brian Delaney
Microsoft Canada
--
This posting is provided "AS IS" with no warranties, and confers no
rights.
--------------------
From: "Harj" <cisqokid@xxxxxxxxx>should
Newsgroups: microsoft.public.windows.server.active_directory
Subject: Re: Password expires for no apparent reason
Date: 16 Aug 2006 07:29:54 -0700
Organization: http://groups.google.com
Hi,
Nice to hear from you Mr. Brian Delaney long time no chat. Hope MS is
treating you well.
Steve, this is from your output and you state you have no lockout
policy..
Lockout threshold: 5
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
You say that the admins have to reset the password, but is that because
it is expired or because it is locked out? When your password expires
end users are required to reset their password to meet the requirements
within your Default Domain Policy.
You have to reset a password as an admin if the password is forgotten,
lost, account is locked out.
When an admin reset's the password, do they also have to unlock the
account?
Good luck
Harj Singh
Password Policy done right
www.specopssoft.com
stever wrote:
Yes, we understand about the 120 days, but we've got passwords
apparently
expiring after 30, 45, 57 days.
But, now that I think about it, there's a min and max password age.
Does
that mean a password can expire at any time within that range? I.e.
theremin & max be the same (120 days) for a password to expire at 120 days?
"Brian Delaney [MSFT]" wrote:
Hi Steve,
Based on the net accounts output you posted from a DC it appears
that
youis a password policy in place which will cause the passwords to
expire:
Maximum password age (days): 120
Check the Group Policies, particularly the Default Domain Policy,
that
configuredhave linked at the Domain Level in Active Directory.
Max Password Age is set under:
Computer Configuration\Windows Settings\Account Policies\Password
Policy\Maximum password age
If you wish for passwords to never expire this will need to be
rights.as 0.
Hope this helps,
Brian Delaney
Microsoft Canada
--
This posting is provided "AS IS" with no warranties, and confers no
pop-up.--------------------
Thread-Topic: Password expires for no apparent reason<wF4b3oivGHA.1992@xxxxxxxxxxxxxxxxxxxxx>
thread-index: AcbAipJe2cjPQQrhTUWC5pqvsGuYhA==
X-WBNR-Posting-Host: 192.188.254.2
From: =?Utf-8?B?c3RldmVy?= <stever@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <1D79CFC1-2284-4C48-8D10-4F70BF2F793D@xxxxxxxxxxxxx>
Subject: RE: Password expires for no apparent reason
Date: Tue, 15 Aug 2006 09:48:02 -0700
1) There is no error. User goes to Sharepoint site and gets login
been on
Enters domain/username & password and control goes right back to
login
pop-up. No error text.
2) Not likely they're forgetting. This happens to people who have
betterthe portal. I cannot login when I try either.
3) Will have to try logging in directly.
4)
Force user logoff how long after time expires?: Never
Minimum password age (days): 1
Maximum password age (days): 120
Minimum password length: 6
Length of password history maintained: 10
Lockout threshold: 5
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: PRIMARY
Thanks Brian, let me know if you need anything else...
"Brian Delaney [MSFT]" wrote:
Hi Steve,
I just have a few questions I would like you to answer to gain a
theunderstanding of the issue.
What is the verbatim error that the users experience when you
know
theyusers password needs to be reset?
How many users are experiencing this problem? Is it possible
that
tohave just forgotten their password?
If you try to log on to a Windows 2000 or XP desktop that is
joined
controllerthe
domain with one of these problem accounts what is the error that
you
receive?
Please run "net accounts" from the command line on a domain
andand
rights.post the results so we can verify the domain password policy.
Hope this helps,
Brian Delaney
Microsoft Canada
--
This posting is provided "AS IS" with no warranties, and confers
no
--------------------
Thread-Topic: Password expires for no apparent reason
thread-index: Aca9a+qOjnOssMHcTgi9D9mgAfOEyw==
X-WBNR-Posting-Host: 192.188.254.2
From: =?Utf-8?B?c3RldmVy?= <stever@xxxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Password expires for no apparent reason
Date: Fri, 11 Aug 2006 10:31:02 -0700
Our users login to our sharepoint portal and AD does the
username
randompassword check.
We having the occurance that passwords have to be reset for a
lockoutgroup
of users every few weeks.
However, there's no password expiration set, there no account
if
too
many failed tries, no inactivity lockout, etc.
Any ideas? Thanks
.
- Follow-Ups:
- Re: Password expires for no apparent reason
- From: Harj
- Re: Password expires for no apparent reason
- From: Harj
- Re: Password expires for no apparent reason
- References:
- Re: Password expires for no apparent reason
- From: Patty
- Re: Password expires for no apparent reason
- Prev by Date: Re: External Trust functionality...
- Next by Date: Redundancy for DC's and DNS-ADI
- Previous by thread: Re: Password expires for no apparent reason
- Next by thread: Re: Password expires for no apparent reason
- Index(es):
Relevant Pages
|
Loading
