Solved

Domain Admin Password reset

Posted on 2013-01-12
7
586 Views
Last Modified: 2013-01-30
I would like  to know if there is a setting in GPO, that enables Domain Admins to reset their password  when expired and they try to logon to the domain.

for instance: I got a reminder pop up few days before my domain admin password expired, but did not change it..it hapened that I was off for few days and then when I came back, my password was already expired, and the other domain admin who works there was not in the office yet.
For a regular user password, even after it is expired, I can login to my workstation and will still let me type old password the new password, then be able to login but for the domain admin account, it did not.
how do I make the domain admin account prompts for old and new password o change it after it is expired
0
Comment
Question by:jskfan
  • 3
  • 3
7 Comments
 
LVL 18

Accepted Solution

by:
irweazelwallis earned 375 total points
ID: 38769912
there shouldn't be anything stopping it creating a new password, as the process is the same when you change before its expired.

we can't log onto RDP sessions because we use NLA to authenticate and that won't do it with expired credentials
0
 

Author Comment

by:jskfan
ID: 38769955
I don't understand your point about RDP:

Do you mean if I logon directly to the console instead of RDP, it will prompt me to enter old/new password, but if I am using RDP, it will not ??/
0
 
LVL 4

Assisted Solution

by:Smighty
Smighty earned 125 total points
ID: 38769957
Just try to log on a client computer (or with OWA if it is published externally).
You should get a message stating "your password needs to be changed".

Just to clarify, did you set an expiration date to your Account? If yes, you may have blocked using your account until another Adminstrator unlocks your Account.

I recommend to create another user with a very strong password that all of your admins should know and use in an 'emergency' (like this).
0
Too many email signature updates to deal with?

Do you feel like you are taking up all of your time constantly visiting users’ desks to make changes to email signatures? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

 
LVL 18

Assisted Solution

by:irweazelwallis
irweazelwallis earned 375 total points
ID: 38769993
i haven't tried with RDP console but if you try a normal RDP sessions onto 2008R2 with an expired password it won't let as NLA doesn't like the expired password.

if you log on locally - as in physically at the workstation then its fine and then prompts you for a password change


Smighty has a good workaround but that only works if you have a mailbox attached to you Domain Admin account, which you probably wouldn't
0
 

Author Comment

by:jskfan
ID: 38772239
how do you RDP as just logging at the console ?
mstsc /console ?
0
 
LVL 18

Assisted Solution

by:irweazelwallis
irweazelwallis earned 375 total points
ID: 38772880
That or mstsc /admin which works on 2008r2 and RDS
0
 

Author Closing Comment

by:jskfan
ID: 38836424
Thank you
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Learn about cloud computing and its benefits for small business owners.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now