bungeecork
asked on
How long after an AD account password is reset does the user notice?
Hi there,
If I reset a users AD password (directory server is 2008 - workstation is XP) the users access to the workstation is not immediately affected. They continue to have access to documents and Exchange emails for some time. Even if they lock their computer they can unlock it with the old password.
If I reset someones password, what needs to happen beofre the are locked out of the system and how long will that take?
Thanks
If I reset a users AD password (directory server is 2008 - workstation is XP) the users access to the workstation is not immediately affected. They continue to have access to documents and Exchange emails for some time. Even if they lock their computer they can unlock it with the old password.
If I reset someones password, what needs to happen beofre the are locked out of the system and how long will that take?
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The ticket must have expired in the night, assuming teh user came in the day at 9:00 AM and logged into his system.
The AD(kerberos) granted the user with a ticket that was valid for 10 hours. After the ticket expires the ticket is renewed by default but since the credentials were not valid the ticket was not renewed.
The AD(kerberos) granted the user with a ticket that was valid for 10 hours. After the ticket expires the ticket is renewed by default but since the credentials were not valid the ticket was not renewed.
ASKER
We use NTLM not Kerberos. Does the same apply with NTLM?
You use Kerberos and NTLM, iirc Kerberos it is the default first try protocol, if that fails NTLM will be used.
SaadAhmedFarooqui is right, if a user is logged in while their password is reset it will have no effect/they will not notice until they need to re-authenticate, which may not be until their current ticket expires or they log off or they need to authenticate to another system....resetting passwords while users are logged in is not normal. Typically you should disable the account or configure the account to expire itself at a set date and time.
SaadAhmedFarooqui is right, if a user is logged in while their password is reset it will have no effect/they will not notice until they need to re-authenticate, which may not be until their current ticket expires or they log off or they need to authenticate to another system....resetting passwords while users are logged in is not normal. Typically you should disable the account or configure the account to expire itself at a set date and time.
ASKER
Her account password was reset at the end of the day as per policy. The goal is to prevent remote access for that account. We assumed the password reset would only affect new logons and therefore thought the user would be able to work on. However later the same night they were unable to send emails and reported being locked out from their computer.