I forced all the users in our windows 2003 domain to change their passwords yesterday (by selecting all in AD and choosing change password at next logon) and three strange things happened.
1) people were immediately not able to get to any intranet sites or LCS...it was as if their passwords expired immediately. isn't it supposed to be at next logon?
2) even when people would reboot, they wouldn't get prompted to change their password...it just wouldn't let them in with their old one so i'd have to reset it on the back-end.
3) after resetting their passwords, a few users are prompted when the start outlook even though it's supposed to pass their domain password like it did in the past.
this ended up being a real nightmare...i had to manually reset a lot of passwords and send out an email to the entire company on how to manually change their own password (if they were still in the system) and lock and reenter their computer to refresh the credentials.
This can't be how this was supposed to work...anybody know why it worked like this?
how can I fix problem #3?