• Status: Solved

Running in Mixed Mode: NT4 PDC does not sync user password changes.....


We recently completed our shift to Windows 2000 from an NT4 environment.  Everything is working like a champ, except for one thing.  When we change a password for a user account in Active Directory, the change occurs successfully in AD.  However, when we attempt to access a shared file or directory on the NT4 box (which was the PDC previously), we are prompted for authentication.  The user's new password in this case does not work, and the NT4 box will only accept their "old" password.

For instance, some of our login scripts map a network drive to the user's machine from the NT4 server.  When the script reaches that point, it pauses and requests the user to enter a password.   Again, their new password is not accepted, but the "old" password works.

This is very strange.  I have tried going to the NT4 PDC and explicitly changing their password in "User Manager for Domains".  It still does not work.  The NT4 PDC is replicating other changes.  For example, if we create a new user account in A.D., the account eventually shows up on the User Manager on the NT4 PDC.

I'm confused.  Need help.  Thanks!
Asked:
ericmalone
tstaddon Commented:
Right...

This is what that wonderful Microsoft term "multi-master replication" is all about. You don't have ONLY ONE writeable domain controller in an Active Directory. All DCs within a domain are writeable.

NT4 only allows one writeable DC (the PDC), so W2K by default provides a service in your domain called PDC emulator. The server running this service is, in effect, your PDC.

So, if you have a mixed NT4 and 2000 domain, you need to have one master DC (Active Directory's PDC emulator) and your NT4 DCs need to be BDCs.

If your NT box thinks it's a PDC it won't bother to ask ANY other domain controller for passwords. Because as far as it knows, the ONLY server in your domain that is capable of changing a password, is itself.

Demote your NT4 server to a BDC, and it will happily recognise password changes by synchronising with the PDC emulator.
 
ericmalone (Author) Commented:
This sounds harder than it looks.  Promoting BDC to PDC is simple, but how do you demote PDC to BDC?

I am assuming (as is the answer for every other MS Windows issue) that there is a registry hack.......?

eric
 
tstaddon Commented:
I did find this...

http://www.nthelp.com/40/pdc2bdc1.htm

Which offers possible solutions.
 
ericmalone (Author) Commented:
I will look into this further, thank you for this insight....

em