Re: Forced user password change request only by 2-nd login
- From: Dragos CAMARA <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 1 Mar 2007 00:44:15 -0800
i ask you that because it seems at the first logon it use cached credentials
wich is used only when the network isnt available and after the login the
network is enabled - by the way if after the first login the user is
rebooting the workstation is asked to change password?. try to put on test
user to not use cached credentials and see what is happening.
--
Dragos CAMARA
MCSA Windows 2003 server
"Alexander Schaefer" wrote:
There are about 2000 clients in the AD in 40 sites worldwide. 95% of them are.
connected to 100 MBit ethernet. The rest goes wireless. There are no
behaviour deifferences depending on connection. The problems are common to
all sites and kinds of connections. Even if i force the test-user to change
te password today and will try to logon 24 hours later, the test-user will
not be required to change its password at the next logon, but by the next
one. The time period between the logons makes no sense. The client maybe in
the same site and subnet/vlan as the domain controller with PDC-master or
15.000 km away from it - it is always the same, independent on kind of
network connection. The only"Windows XP" seems to be important, because
logging on the Windows 2003 server, there are no problems.
"Dragos CAMARA" wrote:
do you test with clients wich are logged on on wire or wireless, do you have
any VLAN's there? because on logon on wireless they have to wait for enabling
and connecting to access point. if you reset password on a user , on first
login will be with the old password or with the new password?
--
Dragos CAMARA
MCSA Windows 2003 server
"Alexander Schaefer" wrote:
Thanks for suggestions... to ensure the proper PDC-Master function we have
moved PDC-Master to the different DC here on the site, but nothing changes.
One time more it is definitely NOT THE REPLICATION issue, because in our
tests we are using the "AD Users+Computers MMC" on the DC with PDC-master to
force the users password-change and the clients we are testing with are on
the same AD site and furthermore in the same subnet.
The NEW RECOGNITION is: this problem affects only Windows XP clients!!!
Testing the same procedure with a Windows 2003 member server there are no
probelem: the client will enforced to change its password by the next logon!
Some ideas??
"penlaster" wrote:
In general this sounds like a replication issue. If possible, move the
PDC emulator role to another DC and test if that helps.
Alexander Schaefer wrote:
Hello,
in our Windows 2003 Active Directory we expirience strange password change
behavior:
When administrator force the user to change its password on the next login
(activating the appropriated check-box in the AD Uúsers management), the user
will be requested to change its password NOT as expected at the next BUT by
the 2-nd login... This causes a lot of problems, because i.e. Exchange does
require the new password even by the first login...
This affects all users, but not the members of Built-In OU "Admins"
Analizing the eventlog messages we find out, that by the first login there
are 2 error logs in the clients application log: Event-ID 1006 and 1030,
which means the workstation was unable to connect to domain controller.. and
that each time by the first logon when for this user the "user must change
password at next logon" was activated. And this is the same for each of our
40 locations (LANs) worldwide!
Does anybody know how to solve this problem?
- Prev by Date: Re: Forced user password change request only by 2-nd login
- Next by Date: Re: Moving From Windows NT 4.0 to Windows 2003 Domain
- Previous by thread: Re: Forced user password change request only by 2-nd login
- Next by thread: Re: Forced user password change request only by 2-nd login
- Index(es):
Relevant Pages
|
