jg733
asked on
trouble changing passwords - sometimes
Every Blue moon or two, I get this message:
--------------------------
Active Directory
--------------------------
The password for George S cannot be set due to insufficient privileges. Windows will attempt to disable this account. If this attempt fails, the account will become a security risk. Contact an administrator as soon as possible to repair this. Before this user can log on, the password should be set, and the account must be enabled.
--------------------------
OK
--------------------------
I can change the password if I try later, but its a pain the rump. Any thoughts? This only seems t happen when I try on a user that was just created.
mikecr
Do you have an AD policy for changing passwords? How long after you create the account are you attempting to change the password? Where is the Global Catalog server located at on your network, at your location or a different location?
ASKER
guidway. Thanks, but I saw that too. It didn't help.
Mikecr, I have some policies set. What specifically are you asking for?
Immediately after the change is when I try to change it.
The GC is in the same site.
Thanks,
Jeff
Mikecr, I have some policies set. What specifically are you asking for?
Immediately after the change is when I try to change it.
The GC is in the same site.
Thanks,
Jeff
That's probably part of your problem. Whenever you create the account and password the first time and then you attempt to change the password immediately thereafter, the machine needs to query the GC first before issuing the password change dialog box. At this point AD has not been updated completely and the changes have not been made yet to the GC. If you wait about 30 minutes you should be able to change the password normally. This has to do with replication between domain controllers within the domain. You can fix this by shortening the amount of time between replications of domain controllers.
ASKER
Mikecr, I don't think that is it - because of some information I should have said:
When what you are describing happens, I get an informational message stating (paraphrasing) The account you are modifying was recently created or has not replicated, try agin later, blah blah
since the machine is in the same site as the GC, both logically and physically, I thought that the update would be near instant. However, I'm not that confident about this...
However, I will look more into the health of my GC server...
When what you are describing happens, I get an informational message stating (paraphrasing) The account you are modifying was recently created or has not replicated, try agin later, blah blah
since the machine is in the same site as the GC, both logically and physically, I thought that the update would be near instant. However, I'm not that confident about this...
However, I will look more into the health of my GC server...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.