Solved

Password Problem in Active Directory

Posted on 2006-10-19
2
226 Views
Last Modified: 2010-04-18
Hi

I am having a problem with active directory and passwords. I am running 3 servers in a windows 2003 domain. All servers are 2003 server standard and 2 are domain controllers.

my problem is this. when a user's password expires they have to change it, which they do with no trouble. but from that point forward they are prompted for user id and password to access network resources. when they open outlook to check e-mail with exchange, they get prompted for their password, when they enter their NEW password it works ok. Also their home folders do not get mapped at logon, and they get a message at log off that their roaming profile can not be saved.

if you attempt to access server resources using UNC via \\servername you get prompted for a password, once entered you can access resources.

Active Directory is supposed to provide a single point of logon, and i have not had any problems in the past with users and passwords which have been changed in the past.

i have rebooted all servers, and the PDC seems to be working fine. It passed tests using dcdiag and netdiag w/ no problem and there is nothing in the event log.

Users who have not changed their passwords continue to have no problems until they do change their passwords. once they do change passwords, the problem affects them also, so they lost mapped drives, and have to neter password to check their domain e-mail w/ outlook/exhcange.

It would seem to me that maybe their old password is cached somewhere on the domain controller and isn't being updated, so it's throwing a authentication box. I have tried logging on affected users from different workstations that they never used where domain credentials aren't cached and the same problem is there.

as more users change passwords when they expire more are being affected so i am in search of a solution and any help is much appreciated.
0
Comment
Question by:zackinma
2 Comments
 
LVL 16

Expert Comment

by:kshays
ID: 17767462
Sounds like the two DC's are not fully replicated at this point.  Just need to make sure replication occurs and both are replicated with one another.
0
 
LVL 26

Accepted Solution

by:
Pber earned 500 total points
ID: 17767582
To help troubleshoot download ALtools:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Load the acctinfo.dll as per instructions and target your ADUC to each DC and check each users password in the Additional Account Info tab.

Make sure both DC's are GC's:

Load AD Sites and Servies,
Expand your site and select servers
Expand each of your DC's and right click the NTDS settings and select Properties
Ensure Global Catalog is checked

You could force the desktops to wait for the network before they are allowed to logon:
On the desktop policy (gpedit.msc) or a GPO for the desktops go to this settings

Computer Configuration/Administrative Templates/System/Logon

Set the "Always wait for the network at computer startup and logon" to enabled.
Reboot the machine to get the policy and see if the problem clears.



0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Can I install the McAfee 8.8 version on the windows 2003 server? 3 96
removing Exchange from an old windows 2003 DC 8 62
GPO Access denied in AD 12 53
Screen Mirroring 7 77
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question