RE: A way to NOT force password change after password migration
- From: "Tony" <zoltan@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 11 Oct 2005 08:44:02 -0700
Hi Ada,
Your answer is correct. We actually figured out last night that we had
password complexity turned on in the default policy. We turned that off and
the passwords came across just fine.
Just one thing to add for the benefit of someone that might read this
later...You only need to turn off password complexity during the migration of
the passwords. You can turn it back on immediately following the password
migration and they will still work just fine. Apparently the password
complexity is not enforced until the next password change.
Thanks for the help
Tony
"Ada Pan [MSFT]" wrote:
> Hello Tony,
>
> I have successfully performed password migration test and would like to
> list the following factors:
>
> If the NT/user password does not meet the password policy in win2k3 domain,
> the use can use the original password at the first logon but will be forced
> to change the password.
>
> If the NT/user password meets the password policy in win2k3 domain, he can
> continue to use the password in win2k3 domain.
>
> If the original NT/user account is disabled, you can enable them during the
> ADMT migration process. (I remember one cu has asked this question)
>
> I would like to list the breif steps below to migraite password:
>
> 1. Make sure two-way trust are established.
>
> 2. Refer to the following article to perform the password migration
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKi
> t/804a418a-e8d4-473d-8517-264c87293fd2.mspx
>
> 3. When you insert the fopply disk on win2k3, use the command below:
>
> admt key "vpcdomain" "a:"
>
> 4. Put the disk to NT PDC, and run pwdmig.exe, in case you encounter
> problem that "NT need high encryption pack installed", you then can
> download the pack from the link below:
>
> Internet Explorer High Encryption Pack
> http://www.microsoft.com/windows/ie/downloads/recommended/128bit/default.msp
> x
>
> 5. Refer to ADMT help with the topic "password migration" to change the
> win2k3 domain security policy
>
> 6. When run ADMT to migrate the account, you now can speicfy the PES server
> (NT PDC) to migration the password.
>
> Hope it helps.
>
> Regards,
>
> Ada Pan
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
.
- Follow-Ups:
- RE: A way to NOT force password change after password migration
- From: Ada Pan [MSFT]
- RE: A way to NOT force password change after password migration
- References:
- RE: A way to NOT force password change after password migration
- From: Ada Pan [MSFT]
- RE: A way to NOT force password change after password migration
- Prev by Date: IP Addressing Scheme
- Next by Date: Moving from old hardware to new
- Previous by thread: RE: A way to NOT force password change after password migration
- Next by thread: RE: A way to NOT force password change after password migration
- Index(es):
Relevant Pages
|
Loading
