Solved

Password Problem in Active Directory

Posted on 2006-10-19
2
223 Views
Last Modified: 2010-04-18
Hi

I am having a problem with active directory and passwords. I am running 3 servers in a windows 2003 domain. All servers are 2003 server standard and 2 are domain controllers.

my problem is this. when a user's password expires they have to change it, which they do with no trouble. but from that point forward they are prompted for user id and password to access network resources. when they open outlook to check e-mail with exchange, they get prompted for their password, when they enter their NEW password it works ok. Also their home folders do not get mapped at logon, and they get a message at log off that their roaming profile can not be saved.

if you attempt to access server resources using UNC via \\servername you get prompted for a password, once entered you can access resources.

Active Directory is supposed to provide a single point of logon, and i have not had any problems in the past with users and passwords which have been changed in the past.

i have rebooted all servers, and the PDC seems to be working fine. It passed tests using dcdiag and netdiag w/ no problem and there is nothing in the event log.

Users who have not changed their passwords continue to have no problems until they do change their passwords. once they do change passwords, the problem affects them also, so they lost mapped drives, and have to neter password to check their domain e-mail w/ outlook/exhcange.

It would seem to me that maybe their old password is cached somewhere on the domain controller and isn't being updated, so it's throwing a authentication box. I have tried logging on affected users from different workstations that they never used where domain credentials aren't cached and the same problem is there.

as more users change passwords when they expire more are being affected so i am in search of a solution and any help is much appreciated.
0
Comment
Question by:zackinma
2 Comments
 
LVL 16

Expert Comment

by:kshays
Comment Utility
Sounds like the two DC's are not fully replicated at this point.  Just need to make sure replication occurs and both are replicated with one another.
0
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
Comment Utility
To help troubleshoot download ALtools:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Load the acctinfo.dll as per instructions and target your ADUC to each DC and check each users password in the Additional Account Info tab.

Make sure both DC's are GC's:

Load AD Sites and Servies,
Expand your site and select servers
Expand each of your DC's and right click the NTDS settings and select Properties
Ensure Global Catalog is checked

You could force the desktops to wait for the network before they are allowed to logon:
On the desktop policy (gpedit.msc) or a GPO for the desktops go to this settings

Computer Configuration/Administrative Templates/System/Logon

Set the "Always wait for the network at computer startup and logon" to enabled.
Reboot the machine to get the policy and see if the problem clears.



0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This video discusses moving either the default database or any database to a new volume.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now