Solved

Some external users do not get prompted to change password when user must change password is checked.

Posted on 2004-09-16
Last Modified: 2010-03-18
I have 2 NT4 domain controllers. They are both in the same state but in different cities, connected by T1 lines. We have external clients who have to be authenticated to the domain. Our password policy requires changing passwords periodically. Some of the external clients do not get prompted to change their passwords when the check box "user must change password at next logon" is checked after resetting the password. When they enter their logon ID and password they get the message "your account has expired". Only by unchecking "user must change password at next logon" are they able to log on.
Question by:starksvillemiss

Accepted Solution

by:
kamichie earned 125 total points
ID: 12079441
We have this problem a lot; it stems from using non-NT 4 computers to connect to the domain. Microsoft has made changes in the software that will sometimes be incompatible with newer versions of Windows. When this happens we usually try to reset their account with the password "password", then click "user must change password at next logon". Also, if the user happens to be logged in during this time, the domain can get confused. Sometimes it also stems from the users ignoring the messages and simply leaving their computers logged in and locked all the time; without a reboot the network simply expires their account without them knowing. I would personally recommend upgrading your servers; if this is not possible you just have to play with the IDs till you get it right. Sometimes I delete and add them again and that fixes the problem, sometimes I just reset the password. We also had the problem that when users changed their password it locked out their account.

Expert Comment

by:kamichie
ID: 12079461
Also, if your external clients use laptops but still use their domain logins to access them while not connected, this can lead to problems with the login caching. If this is the case, try getting them to make a separate local account to use when not connected to the domain.