Changing Domain User password on demand not working
I helped an IT Admin change his password.
I went to the User in ADUC or AD Users and Computers tool on the DC and did this:
I reset the password with a random password and checked the box: The User must change the password at the next logon.
This did not change the password and the User wasn't prompted to change the password!
Next:
I reset the password with a known password and UNchecked the box: The User must change the password at the next logon.
This did change the password and the User wasn't prompted to change the password - just as expected.
Next:
The user tried to change his own password using ADUC and Access was Denied.
Does any of this ring a bell?
I did find this:
https://support.microsoft.com/en-us/help/832481/user-must-change-password-at-next-logon-check-box-is-unavailable
but it seems a somewhat different case.
I went to the User in ADUC or AD Users and Computers tool on the DC and did this:
I reset the password with a random password and checked the box: The User must change the password at the next logon.
This did not change the password and the User wasn't prompted to change the password!
Next:
I reset the password with a known password and UNchecked the box: The User must change the password at the next logon.
This did change the password and the User wasn't prompted to change the password - just as expected.
Next:
The user tried to change his own password using ADUC and Access was Denied.
Does any of this ring a bell?
I did find this:
https://support.microsoft.com/en-us/help/832481/user-must-change-password-at-next-logon-check-box-is-unavailable
but it seems a somewhat different case.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks!! Even with the great guidance, I never did find the smoking gun. We just "re-did" it and got the new password entered.
ASKER
The domain User has some limited domain admin privileges and is in a User OU with others of that type.
I've forced replication. We do try to limit immediate actions to the same DC when making the changes and testing them.
I don't see that there is an "affected computer"...
The minimum password age is "0".