trouble changing passwords - sometimes

Posted on 2002-07-12
Last Modified: 2010-04-13

Every Blue moon or two, I get this message:

Active Directory
The password for George S cannot be set due to insufficient privileges. Windows will attempt to disable this account. If this attempt fails, the account will become a security risk. Contact an administrator as soon as possible to repair this. Before this user can log on, the password should be set, and the account must be enabled.

I can change the password if I try later, but its a pain the rump. Any thoughts? This only seems t happen when I try on a user that was just created.
Question by:jg733
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 17

Expert Comment

ID: 7149632
Do you have an AD policy for changing passwords? How long after you create the account are you attempting to change the password? Where is the Global Catalog server located at on your network, at your location or a different location?
LVL 12

Expert Comment

ID: 7149650

Author Comment

ID: 7149714
guidway. Thanks, but I saw that too. It didn't help.

Mikecr, I have some policies set. What specifically are you asking for?

Immediately after the change is when I try to change it.

The GC is in the same site.


Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

LVL 17

Expert Comment

ID: 7149755
That's probably part of your problem. Whenever you create the account and password the first time and then you attempt to change the password immediately thereafter, the machine needs to query the GC first before issuing the password change dialog box. At this point AD has not been updated completely and the changes have not been made yet to the GC. If you wait about 30 minutes you should be able to change the password normally. This has to do with replication between domain controllers within the domain. You can fix this by shortening the amount of time between replications of domain controllers.

Author Comment

ID: 7150049
Mikecr, I don't think that is it - because of some information I should have said:

When what you are describing happens, I get an informational message stating (paraphrasing) The account you are modifying was recently created or has not replicated, try agin later, blah blah

since the machine is in the same site as the GC, both logically and physically, I thought that the update would be near instant. However, I'm not that confident about this...

However, I will look more into the health of my GC server...
LVL 17

Accepted Solution

mikecr earned 75 total points
ID: 7157453
You GC gets queried every time a user logs into the network looking for account information, if it does not exist, you will get an error message similiar to the one that your getting. Whenever an account is created, the domain controllers replicate between themselves on a timed basis and it is not instantaneous. It can take a few minutes for all changes to become apparent.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Popular third-party chat platforms like Slack, Discord, and Telegram are just a few of the many new productivity applications that are being hijacked by cybercriminals to create command-and-control (C&C) communications infrastructures for their malw…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question