Solved

Server Enterprise, 2003, SP2, Active Directory/Password Problems

Posted on 2008-10-13
6
183 Views
Last Modified: 2013-11-08
I use a mixed mode Active Directory

There is currently a Password Policy in place for Password Age, Length, Complexity, and History

I HAVE TO, change a users password back to what it originally was. (Long Story). I have turned the policy(via GPO) off, and I still can not reset this password back to what it was.

I have a 10 CITY MPLS Network, with 10 Domain Controllers. Is replication and Propagation hampering me?
0
Comment
Question by:kplais1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22706144
1. Start > Administrative Tools > Domain Security Policy
2. Security Settings > Account Policies > Password Policy.
3. Right-click on Minimum password length in the right pane. Click Properties from the context menu.
4. Do not remove the check from the Define this policy setting checkbox! Enter a new minimum password length. Entering a Zero (0) will remove the password requirement. Click the OK button.
5. Double-click on Passwords must meet complexity requirements in the right pane.
6. Do not remove the check from the Define this policy setting checkbox! Select the Disabled option.(This will allow simpler passwords.) Click the OK button.
7. Close the Default Domain Security Settings window.
8. Click Start > Run > cmd {enter}
9. Type gpupdate /force {enter}
10. Type exit {enter}
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22706176
To make sure the domain controllers replicate,
1) Open Active Directory Sites and Services
2) Navigate to Sites, Default-First-Site-Name, Servers, SERVIDOR, NTDS Settings
3) in the right side, right click <automatically generated>, click Replicate Now.

This assumes a default site structure. You can also check event logs to see if replication has taken place before testing your new settings... replication will usually happen every 15 to 20 minutes.

Now, to make sure the client computer has received the GP changes, you can simply reboot it, or if XP Pro, run gpupdate /force in a command window.
0
 
LVL 1

Author Comment

by:kplais1
ID: 22706210
Thanks, but why when I log into Domain Controller, and go to Domain Security Policy, It says I do not have access. I am in the Domain Admin Group, Enterprise Admin Group. So I can't access that on the DC. I also tried in other cities and can't get to it either.
0
MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22706302
i think you are domain admin of a different domain and you try to access a policy of another domain..you better add yourself to be domain domain in your root domain.....
0
 
LVL 1

Author Comment

by:kplais1
ID: 22706493
We are only a one domain shop. I am a domain admin, on the correct domain.

Here is the Error again.
whenever i tried to open the 'Domain Controller Security Policy' or the 'Domain Security Policy', I'll get this error message saying, 'Failed to open the Group Policy Object. You may not have appropriate rights'. And under the details information, it shows 'The system cannot find the path specified'
0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 500 total points
ID: 22706575
1.ok..do you have 2 nics.The two NICs might be the problem. On your external NIC, make sure that the "Register this connection's addresses in DNS" in the TCP/IP settings is unchecked. And just to be sure, in your DNS server's properties, make sure the DNS service only listens on your internal address.
Then check your forward lookup zone for leftover entries with your DC's name and the external address.

2.are you using GPMC with sp1 to access group policy, if not download and install the latest one,
http://www.microsoft.com/downloads/details.aspx?familyid=0a6d4c24-8cbd-4b35-9272-dd3cbfc81887&displaylang=en

3.Check the following article from Microsoft Support:
http://support.microsoft.com/kb/294257
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/2000/Q_21879349.html
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question