ad user issue

Posted on 2009-02-12
Last Modified: 2012-05-06
have a ad acount that we changed the password and now can not logon with teh account it says teh pasword is bad then says teh account is disabled we look in aduc and it is not disabled
Question by:zenworksb
    LVL 32

    Expert Comment

    by:Rodney Barnhardt
    Do you have more than one DC? Maybe the change has not replicated to the one they authenticate to, I have seen that happen before, especially over a WAN.

    Author Comment

    we have three dc is there a way to force this

    Expert Comment

    Try resetting the password using enhanced password. I.E (P@S5w0rd!1) But make it longer and use at least  2 upper 2 lower 2 special an d2 numbers in the password and also verify the the account is not locked out and has no login restrictions. If all else fails you can delete the account and recreate it keeping in mind this will change the account SID. You want to avoid this if the account is tied to any services provided by your domain I.E SQL or Sharepoint etc... If you can provide more detail I can help you better.

    LVL 15

    Accepted Solution

    Password changes should not have replication problems as long as the PDC emulator is available.

    REPLMON allow you to force replication.  

    Is the account locked out?  How did you check to see if the account is disabled?  If you do a search in AD Users and Computers, a disabled account does NOT show the disabled icon.  You need to right click on it and see if you can disable it or enable it.  

    If you look at the account in it's location in the OU hierarchy, it will show as disabled if it's disabled.

    Author Comment

    ok we are trying that
    what they did is change dit on windows and changed it in novell and tehn on teh novell client tehy did change password and then that did not worked

    Author Comment

    ok it looks like it is just happening on citirx?

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    I'm sure that every Windows systems administrator has written, or at least used, a batch or VBS login script at some point in their career, whether it is to map network drives, install printers, or set some user preferences.  No more! With Window…
    I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now