<div>
To explain further, it was the users last day with the Firm and the departure was amicable. &nbsp;She decided to work back after normal office hours to finish some tasks with her managers approval. &nbsp;<br />
<br />
Her account password was reset at the end of the day as per policy. &nbsp;The goal is to prevent remote access for that account. &nbsp;We assumed the password reset would only affect new logons and therefore thought the user would be able to work on. &nbsp;However later the same night they were unable to send emails and reported being locked out from their computer.<br />
<br />

</div>


<div>
The ticket must have expired in the night, assuming teh user came in the day at 9:00 AM and logged into his system.<br />
<br />
The AD(kerberos) granted the user with a ticket that was valid for 10 hours. After the ticket expires the ticket is renewed by default but since the credentials were not valid the ticket was not renewed.<br />
<br />
&nbsp; 
</div>


<div>
We use NTLM not Kerberos. &nbsp;Does the same apply with NTLM?
</div>


<div>
You use Kerberos and NTLM, iirc Kerberos it is the default first try protocol, if that fails NTLM will be used.<br />
<br />
&nbsp;SaadAhmedFarooqui is right, if a user is logged in while their password is reset it will have no effect/they will not notice until they need to re-authenticate, which may not be until their current ticket expires or they log off or they need to authenticate to another system....resetting passwords while users are logged in is not normal. Typically you should disable the account or configure the account to expire itself at a set date and time.<br />

</div>


<div>
<div class="content wysiwyg-content">
Hi there,<br />
<br />
If I reset a users AD password (directory server is 2008 - workstation is XP) &nbsp;the users access to the workstation is not immediately affected. &nbsp;They continue to have access to documents and Exchange emails for some time. &nbsp;Even if they lock their computer they can unlock it with the old password.<br />
<br />
If I reset someones password, what needs to happen beofre the are locked out of the system and how long will that take?<br />
<br />
Thanks 
</div>
</div>


Hi there,

If I reset a users AD password (directory server is 2008 - workstation is XP)  the users access to the workstation is not immediately affected.  They continue to have access to documents and Exchange emails for some time.  Even if they lock their computer they can unlock it with the old password.

If I reset someones password, what needs to happen beofre the are locked out of the system and how long will that take?

Thanks 

How long after an AD account password is reset does the user notice?

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.