ThorinO
asked on
Domain user can't change password from their PC, don't have old password
I have a user who is joined to the domain and connected over a VPN connection. Their domain password has been changed and now their computer wants the new password. The problem is that the user does not know the old password.
So there are two problems/questions.
1. Can I find out what the old password was so I can update the desktop
2. When I update the desktop will it update the cached login information so she can log into the domain with the updated password?
So there are two problems/questions.
1. Can I find out what the old password was so I can update the desktop
2. When I update the desktop will it update the cached login information so she can log into the domain with the updated password?
Can you set VPN to launch before windows? If so this would resolve this issue. If not can you RDP to the machine?
is the desktop locked with the old password? Was the user signed into the desktop when the domain password was changed?
If this is the case, just need to restart the PC and the user should be able to login with the new credentials
If this is the case, just need to restart the PC and the user should be able to login with the new credentials
ASKER
It is using the Windows based VPN client, I don't know if it can connect before logging in.
The user can log in with the old cached password, however it doesn't take that as the old one when trying to change the password.
The user can log in with the old cached password, however it doesn't take that as the old one when trying to change the password.
You will not be able to find out the old password, but you can reset the password in Active Directory by 'right clicking' the user account and resetting the password.
If the login screen is asking for an old password, then a new, go into the AD account by 'right clicking' the user and choosing properties. On the account tab, unclick the item 'User must change password' and click item 'Password never expires'. Reset the password to a temp one, log in, then back out. In AD reverse the process and now the user will know the old password and can change to one they like.
All the best..
If the login screen is asking for an old password, then a new, go into the AD account by 'right clicking' the user and choosing properties. On the account tab, unclick the item 'User must change password' and click item 'Password never expires'. Reset the password to a temp one, log in, then back out. In AD reverse the process and now the user will know the old password and can change to one they like.
All the best..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Log in with the cached password....
Navigate to C:\Window\system32\cmd.exe
Rt Click it>Run As... (might need to hold SHIFT+Click RunAs...
Select the user "Domain\Username"
Password is "NewPassword"
This will cache the new credentials on the machine, allowing access via the cached profile with the CURRENT password. No need for the old one.
This is all assuming that the cached profile fully works, and the connection to the VPN works.
Also, sometimes locking the screen while connected to VPN, and entering the new/current credentials will also work. Windows usually tells you it needs the new credentials, and to lock/unlock the workstation....
Navigate to C:\Window\system32\cmd.exe
Rt Click it>Run As... (might need to hold SHIFT+Click RunAs...
Select the user "Domain\Username"
Password is "NewPassword"
This will cache the new credentials on the machine, allowing access via the cached profile with the CURRENT password. No need for the old one.
This is all assuming that the cached profile fully works, and the connection to the VPN works.
Also, sometimes locking the screen while connected to VPN, and entering the new/current credentials will also work. Windows usually tells you it needs the new credentials, and to lock/unlock the workstation....