Re: Windows XP Computer Object Password Change Process with AD

From: "Mathieu CHATEAU" <gollum123@xxxxxxx>
Date: Thu, 20 Sep 2007 08:07:19 +0200

Part of the answer here:
http://support.microsoft.com/kb/325850/EN-US/

Each Windows-based computer maintains a machine account password history
that contains the current and previous passwords that are used for the
account. When two computers try to authenticate with each other and a change
to the current password is not yet received, Windows relies on the previous
password. If the sequence of password changes exceeds two changes, the
computers involved may not be able to communicate, and you may receive error
messages. For example, you may receive "Access Denied" error messages when
Active Directory replication occurs.

So you can live for 60 days without connected to the domain
It will change the password as soon as it try to authenticate against AD,
after the 30 days

--
Cordialement,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

"MSBob69" <MSBob69@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:0FAC76D5-2976-428E-BF26-950BACEC386B@xxxxxxxxxxxxxxxx

Again we dance!

Let me add more context to my question:

I want to delete workstations that haven't been on my network for 90 days. I
know I can use the dsquery tool to find these machines but users are finding
there machines on the pending deletion list and are telling me they use their
machine all the time. So, why isn't the computer object password getting
updated?

That is why I am trying to get details on HOW machines update their password
into AD.

Please don't tell me how to use dstools or a vbscript to do this, tell me
the process used to update the password and examples of what will happen if
it fails.

Again read my original questions!

MSBob69

"MSBob69" wrote:

I am trying to get a better understanding how Windows XP changes it's
password every 30 days with Active Directory. I can't seem to get any details
on the process.

A computer object's password is 30 days old, what does the computer do?

Does it process the request during boot up?

What happens if it fails, when does it try it again?

What happens when the machine is off the network, like at home?

Does it try to change the password but since it is off the corp network it
doesn't process the request?

Does it wait another 30 days to try to change the password?

MSBob69

Follow-Ups:
- Re: Windows XP Computer Object Password Change Process with AD
  - From: al

Prev by Date: Re: Local Admin on workstation
Next by Date: Re: DNS Error 4000, 4013, 4015
Previous by thread: Re: Windows XP Computer Object Password Change Process with AD
Next by thread: Re: Windows XP Computer Object Password Change Process with AD
Index(es):
- Date
- Thread

Relevant Pages

Re: Machine Account password changes
... You can manually change a machine account password. ... You must use the Netdom ... >> Does anyone have any idea how much network traffic computer account ... >> been off the network. ...
(microsoft.public.windows.server.active_directory)
Error 3224 Help
... Changing machine account password for account A-MIS$ failed with the ... There are currently no logon servers available to service the logon request ... I have no computer on the network by that name. ...
(microsoft.public.win2000.general)