Solved

Active Directory users can access with the old password !!!!

Posted on 2012-12-31
5
623 Views
Last Modified: 2013-01-12
Hello all,

We have many application and third party integrated with active directory but i face the following issue with all application also with Exchange 2010 SP2,

when i reset password for particular user he can access his account  with the old password for 2-5 minutes only  with integrated applications but domain logon works fine , is that a normal behavior, can we handle it , thanks all.
0
Comment
Question by:Bahloul
5 Comments
 
LVL 2

Expert Comment

by:thomasclm
ID: 38732136
If you have multiple domain controllers then it takes some time to replicate to other domain controllers.  So the authentication might be happening from a Domain Controller before its replicated from the domain controller where the password change happened.

Regards,
Thomas
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 38732154
0
 
LVL 3

Author Comment

by:Bahloul
ID: 38732776
Dear  thomasclm

i thought that then i shut down the additional domain controller but it's still later i discovered that it's a normal behavior from the A.D for 1 hour then it will expired, si still i need to reduce it as possible,

thanks .
0
 
LVL 3

Author Comment

by:Bahloul
ID: 38732822
Dear PeteLong

it's very helpful article but still i missing understand this key values :

On the Edit menu, click Add Value, and then add the following registry value:
Value Name: UserTokenTTL (Note This is case-sensitive!)
Data Type: REG_DWORD
Value Range: 0 - 0x7FFFFFFF (Note This unit is in seconds.)

how many seconds it will takes ?

also i need to make this with all integrated applications not Exchange only ,
0
 
LVL 4

Accepted Solution

by:
palicos earned 500 total points
ID: 38736152
Is there any configuration where you can modify or configure how long password should be cached or do you have any apps which syncs the password,

if yes, how often...??

 How is the replication configured or is there any issue with the replication between the DC's. The issue can be due to replication also.

You can disable the cache logon see this
http://technet.microsoft.com/en-us/library/cc755473(v=ws.10).aspx

Cached and Stored Credentials Technical Overview
http://technet.microsoft.com/en-us/library/hh994565(v=ws.10).aspx
http://support.microsoft.com/kb/913485?wa=wsignin1.0
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question