Solved

Running in Mixed Mode: NT4 PDC does not sync user password changes.....

Posted on 2003-12-10
Last Modified: 2010-04-14

We recently completed our shift to Windows 2000 from an NT4 environment.  Everything is working like a champ, except for one thing.  When we change a password for a user account in Active Directory, the change occurs successfully in AD.  However, when we attempt to access a shared file or directory on the NT4 box (which was the PDC previously), we are prompted for authentication.  The user's new password in this case does not work, and the NT4 box will only accept their "old" password.

For instance, some of our login scripts map a network drive to the user's machine from the NT4 server.  When the script reaches that point, it pauses and requests the user to enter a password.   Again, their new password is not accepted, but the "old" password works.

This is very strange.  I have tried going to the NT4 PDC and explicitly changing their password in "User Manager for Domains".  It still does not work.  The NT4 PDC is replicating other changes.  For example, if we create a new user account in A.D., the account eventually shows up on the User Manager on the NT4 PDC.

I'm confused.  Need help.  Thanks!
Question by:ericmalone

Accepted Solution

by:
tstaddon earned 250 total points
Right...

This is what that wonderful Microsoft term "multi-master replication" is all about. You don't have ONLY ONE writeable domain controller in an Active Directory. All DCs within a domain are writeable.

NT4 only allows one writeable DC (the PDC), so W2K by default provides a service in your domain called PDC emulator. The server running this service is, in effect, your PDC.

So, if you have a mixed NT4 and 2000 domain, you need to have one master DC (Active Directory's PDC emulator) and your NT4 DCs need to be BDCs.

If your NT box thinks it's a PDC it won't bother to ask ANY other domain controller for passwords. Because as far as it knows, the ONLY server in your domain that is capable of changing a password, is itself.

Demote your NT4 server to a BDC, and it will happily recognise password changes by synchronising with the PDC emulator.

Author Comment

by:ericmalone
This sounds harder than it looks.  Promoting BDC to PDC is simple, but how do you demote PDC to BDC?

I am assuming (as is the answer for every other ms windows issue) that there is a registry hack.......?

eric

Expert Comment

by:tstaddon
I did find this...

http://www.nthelp.com/40/pdc2bdc1.htm

Which offers possible solutions.

Author Comment

by:ericmalone
I will look into this further, thank you for this insight....

em