Domain Controller Issue

Posted on 2009-04-23
Last Modified: 2012-05-06
We had Toronto office in which users passwords expired without giving
them a password change warning.
Is it something I need to set on the Toronto AD controller  to receive that message?
Question by:kiran_kumar01
    LVL 57

    Expert Comment

    by:Mike Kline
    You can set a group policy against the Toronto machines (not sure what you have set now)
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
    The setting is >> Interactive logon: Prompt user to change password before expiration
    LVL 18

    Accepted Solution

    Usually we set this policy while enabling the domain password policy. If you did the samething then the policy is at the domain level which should apply to all your domain controllers. Unless you have a separate GPO link only to the Domain Controllers OU or have no GPO that specifically configured this Interactive Logon for prompting user to change password before expiration, or you unless you have moved your Toronto DC out of the domain contorllers OU, otherwise all users should get the Prompt to change password. You can verify this by verify a machine that gets the prompt against the one that does not and see what policies are applied to them, use the GPRESULT at the command prompt. Or if you have GPMC, take a look at the setting of your default doamin policy or the policy that you have the password policy configured would be a good start.

    Author Closing Comment

    Hi All,

    The policy was set at domain level. The problem was with replication to this particular DC.

    Thanks for all your help


    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    My last post dealt with using group policy preferences to set file associations, a very handy usage for a GPP. Today I am going to share another cool GPP trick, this may be a specific scenario but I run into these situations frequently in my activit…
    Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now