• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 438
  • Last Modified:

"Your password will expire in 7 days" after password change

Hello Experts

We are running Windows 2003 Active Directory in my domain - contoso.com. We have two AD sites - HQ and Branch1.

An IT user in Branch1 recv's a notification that their password needs to changed: "Your password will expire in 7 days" when he logs onto CL1 (Windows XP) in Branch1. So he connects onto the Branch1 DC and changes his password via ADUC. Note: he has not logged off CL1 - he connects to Branch1 DC using the CL1 session.

He then goes to lunch for half and hour and comes back. When he unlocks his machine, he gets a notification that "YOur will password will expire in 7 days".

The replication interval between Branch1 and HQ is 1 hour. All the FSMO roles are held on HQ DC's.

Can anyone explain this?



 
0
Joe_Budden
Asked:
Joe_Budden
  • 5
  • 3
  • 2
2 Solutions
 
MrMintanetCommented:
It sounds like the replication interval between Branch1 and HQ is 1 hour. All the FSMO roles are held on HQ DC's.
0
 
senadCommented:
This is probably a group policy setting so you should check it on the server.
0
 
MrMintanetCommented:
You should put a DC over at Branch 1.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
senadCommented:
In your default domain policy ( or a policy at that level ) change this setting to 5 and it will change it for everybody

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive Logon: Prompt user to change password before expiration
0
 
MrMintanetCommented:
Bust out a DCDIAG from CMD Prompt.  Any errors?
0
 
Joe_BuddenAuthor Commented:
Hi All

There *is* a DC at Branch1 - that's where the IT user changed his password using ADUC.

I'm not sure what the Group Policy change to 5 actually changes?

Just to confirm - even though the user changed their password using ADUC, would we not expect anymore "Your password will expire in 7 days" messages, even though he hadn't logged out and back in again?
0
 
MrMintanetCommented:
What do you get when you do a DCDIAG at Branch1?
0
 
Joe_BuddenAuthor Commented:
No errors, but this situation happened in the past - I was just wondering if it was expected or not.
0
 
MrMintanetCommented:
I've had the same problem in the past.  I noticed that if I used one DC, the change would be instant.  If I used the other DC, it would be delayed.  Long story short, I never used the DC that delayed for changes and simply relied on it as my BU DC.
0
 
senadCommented:
That was just an example....you can set it to never expire if you like....
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now