I am one of many that administer a large enterprise domain. We are currently having issues with random users unable to change their passwords upon expiration. Initially they will get an error stating "You do not have permission to change your password". It can be changed in Active Directory but if we select "User must change password at next logon" they will then receive the error "The Password on This Account cannot be changed at this time" This question seems to have been asked a lot and I have followed the advice given on several other threads but we still cannot move past this. We have a 2000 domain with some 2003 domain controllers. All client machines are XP.
Our Default Domain Policy is set to the following:
Computer Configurations | Windows Settings | Account Policies/Password Policy
Enforce password history 24 passwords remembered
Maximum password age 45 days
Minimum password age 0 days
Minimum Password length 8 characters
Password must meet complexity requirements enabled
Sore passwords using reversible encryption Disabled.
'Everyone' group is applied to all user objects with change password enabled.
Does anyone have any ideas?