?
Solved

Password Problem in Active Directory

Posted on 2006-10-19
2
Medium Priority
?
233 Views
Last Modified: 2010-04-18
Hi

I am having a problem with active directory and passwords. I am running 3 servers in a windows 2003 domain. All servers are 2003 server standard and 2 are domain controllers.

my problem is this. when a user's password expires they have to change it, which they do with no trouble. but from that point forward they are prompted for user id and password to access network resources. when they open outlook to check e-mail with exchange, they get prompted for their password, when they enter their NEW password it works ok. Also their home folders do not get mapped at logon, and they get a message at log off that their roaming profile can not be saved.

if you attempt to access server resources using UNC via \\servername you get prompted for a password, once entered you can access resources.

Active Directory is supposed to provide a single point of logon, and i have not had any problems in the past with users and passwords which have been changed in the past.

i have rebooted all servers, and the PDC seems to be working fine. It passed tests using dcdiag and netdiag w/ no problem and there is nothing in the event log.

Users who have not changed their passwords continue to have no problems until they do change their passwords. once they do change passwords, the problem affects them also, so they lost mapped drives, and have to neter password to check their domain e-mail w/ outlook/exhcange.

It would seem to me that maybe their old password is cached somewhere on the domain controller and isn't being updated, so it's throwing a authentication box. I have tried logging on affected users from different workstations that they never used where domain credentials aren't cached and the same problem is there.

as more users change passwords when they expire more are being affected so i am in search of a solution and any help is much appreciated.
0
Comment
Question by:zackinma
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Expert Comment

by:Kevin Hays
ID: 17767462
Sounds like the two DC's are not fully replicated at this point.  Just need to make sure replication occurs and both are replicated with one another.
0
 
LVL 26

Accepted Solution

by:
Pber earned 2000 total points
ID: 17767582
To help troubleshoot download ALtools:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Load the acctinfo.dll as per instructions and target your ADUC to each DC and check each users password in the Additional Account Info tab.

Make sure both DC's are GC's:

Load AD Sites and Servies,
Expand your site and select servers
Expand each of your DC's and right click the NTDS settings and select Properties
Ensure Global Catalog is checked

You could force the desktops to wait for the network before they are allowed to logon:
On the desktop policy (gpedit.msc) or a GPO for the desktops go to this settings

Computer Configuration/Administrative Templates/System/Logon

Set the "Always wait for the network at computer startup and logon" to enabled.
Reboot the machine to get the policy and see if the problem clears.



0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question