Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Password Problem in Active Directory

Posted on 2006-10-19
2
Medium Priority
?
236 Views
Last Modified: 2010-04-18
Hi

I am having a problem with active directory and passwords. I am running 3 servers in a windows 2003 domain. All servers are 2003 server standard and 2 are domain controllers.

my problem is this. when a user's password expires they have to change it, which they do with no trouble. but from that point forward they are prompted for user id and password to access network resources. when they open outlook to check e-mail with exchange, they get prompted for their password, when they enter their NEW password it works ok. Also their home folders do not get mapped at logon, and they get a message at log off that their roaming profile can not be saved.

if you attempt to access server resources using UNC via \\servername you get prompted for a password, once entered you can access resources.

Active Directory is supposed to provide a single point of logon, and i have not had any problems in the past with users and passwords which have been changed in the past.

i have rebooted all servers, and the PDC seems to be working fine. It passed tests using dcdiag and netdiag w/ no problem and there is nothing in the event log.

Users who have not changed their passwords continue to have no problems until they do change their passwords. once they do change passwords, the problem affects them also, so they lost mapped drives, and have to neter password to check their domain e-mail w/ outlook/exhcange.

It would seem to me that maybe their old password is cached somewhere on the domain controller and isn't being updated, so it's throwing a authentication box. I have tried logging on affected users from different workstations that they never used where domain credentials aren't cached and the same problem is there.

as more users change passwords when they expire more are being affected so i am in search of a solution and any help is much appreciated.
0
Comment
Question by:zackinma
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 17767462
Sounds like the two DC's are not fully replicated at this point.  Just need to make sure replication occurs and both are replicated with one another.
0
 
LVL 26

Accepted Solution

by:
Pber earned 2000 total points
ID: 17767582
To help troubleshoot download ALtools:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Load the acctinfo.dll as per instructions and target your ADUC to each DC and check each users password in the Additional Account Info tab.

Make sure both DC's are GC's:

Load AD Sites and Servies,
Expand your site and select servers
Expand each of your DC's and right click the NTDS settings and select Properties
Ensure Global Catalog is checked

You could force the desktops to wait for the network before they are allowed to logon:
On the desktop policy (gpedit.msc) or a GPO for the desktops go to this settings

Computer Configuration/Administrative Templates/System/Logon

Set the "Always wait for the network at computer startup and logon" to enabled.
Reboot the machine to get the policy and see if the problem clears.



0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question