Re: Contacting the PDC on bad password




Jorge, thanks for replying.

I'm not having a problem with the password change part of it. If I change a
password on any domain controller, it updates the PDCe without any issue.
The issue is with the password check from another domain controller.

Let me try to clarify:

DC1 --> password changes
DC1 notifies PDCe of password change (this works, I can see it via the
lockout tools)
User tries to log in to DC3, replication of the password change has not yet
made it to this domain controller.

DC3 should then check in with the PDCe to make sure the password hasn't
changed, etc etc.

I do not see DC3 checking in with the PDCe. If I type a wrong password that
I know is bad on DC3 and the PDCe, I should see the bad password count rise
by one on DC3 and one on the PDCe. I only see the bad password count rise by
one on DC3.

Thanks.

"Jorge Silva" wrote:

Hi
Can you explain how you tested that?
Generally password changes will be sent immediately to the PDCe, so if a
user tries to log on with the new password to a machine which doesn't have
that new password, a request is sent to the PDCe to check if the password is
correct. If the password is correct, the PDC will do ok for that
authentication.
Now, you need to check if replication/connectivity is working correctly so
when someone changes the PW that change will also be sent to the PDCe.
--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"VFisher" <VFisher@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A0180342-D1F5-4FBF-85C8-C81E2F78044D@xxxxxxxxxxxxxxxx
I'm having an issue where our remote domain controllers all of a sudden are
not contacting the PDC if a user enters a wrong password. I do not have any
group policies set, and I am not using AvoidPDCOnWan (not configured should
be the same as setting it to 0). I've actually taken one domain controller
and manually set AvoidPDCOnWan to 0 to see if it would work, but alas, it did
not help.

I can see the bad password count go up on the remote domain controller if I
enter a bad password for a test user, but never see anything right on the
PDC.

Of course, I searched the KB and newsgroups, but couldn't find anything
relating to this situation except that it was an issue in Windows 2000 SP2
and fixed in Windows 2000 SP3. I was wondering if anyone else has come
across this before I call Microsoft.

By the way, our domain is in Windows 2000 native mode, and our domain
controllers are Windows 2003 SP1 or Windows 2000 SP4 (sorry, haven't finished
the upgrade yet). I've tried from sites with both types of DCs.

Thanks for your time.
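
The test described in this thread (enter a bad password against a remote DC, then compare the bad password count there with the one on the PDCe) can be scripted. The PowerShell below is an added example, not part of the original posts; the account name `testuser` is a placeholder, and reading `AvoidPdcOnWan` remotely assumes the Remote Registry service is reachable on each DC.

```powershell
# Added example, not from the thread. 'testuser' is a placeholder account name.
param([string]$SamAccountName = 'testuser')
# Reject characters that could alter the LDAP filter built below.
if ($SamAccountName -notmatch '^[\w.\-]+$') { throw 'Unexpected characters in account name' }

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name

function Get-BadPwdState([string]$Server, [string]$Sam) {
    # badPwdCount and badPasswordTime are not replicated, so bind to each DC in turn.
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server")
    $ds   = New-Object System.DirectoryServices.DirectorySearcher($root)
    $ds.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$Sam))"
    $ds.PropertiesToLoad.AddRange([string[]]@('badPwdCount', 'badPasswordTime'))
    try { $r = $ds.FindOne() } catch { return $null }   # DC unreachable
    if (-not $r) { return $null }                       # account not found
    $p = $r.Properties
    $count = if ($p['badpwdcount'].Count) { [int]$p['badpwdcount'][0] } else { 0 }
    $ticks = if ($p['badpasswordtime'].Count) { [int64]$p['badpasswordtime'][0] } else { 0 }
    $last  = if ($ticks -gt 0) { [DateTime]::FromFileTimeUtc($ticks) } else { $null }
    [pscustomobject]@{ BadPwdCount = $count; LastBadUtc = $last }
}

function Get-AvoidPdcOnWan([string]$Server) {
    # Netlogon parameter mentioned in the thread; needs Remote Registry access.
    try {
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Server)
        $key  = $hklm.OpenSubKey('SYSTEM\CurrentControlSet\Services\Netlogon\Parameters')
        $val  = $key.GetValue('AvoidPdcOnWan')
        if ($null -eq $val) { 'not set' } else { $val }
    } catch { 'unreadable' }
}

# One row per DC: that DC's local counters, whether it is the PDCe, and its setting.
$domain.DomainControllers | ForEach-Object {
    $state = Get-BadPwdState $_.Name $SamAccountName
    [pscustomobject]@{
        DC            = $_.Name
        IsPDCe        = ($_.Name -eq $pdc)
        BadPwdCount   = if ($state) { $state.BadPwdCount } else { 'no result' }
        LastBadUtc    = if ($state) { $state.LastBadUtc } else { $null }
        AvoidPdcOnWan = Get-AvoidPdcOnWan $_.Name
    }
} | Format-Table -AutoSize
```

Run it before and after a deliberately failed logon for the test account at the remote site; by the behaviour the posters expect, both the authenticating DC's row and the PDCe row should advance.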


