Need Password Policy Help

  • Thread starter Thread starter James Hutchins
  • Start date Start date
J

James Hutchins

My Environment:
Windows 2000 Active Directory (SP4)Servers & Windows XP
(SP1) Workstations.
I have an Active Directory Policy setup for the entire
domain to force the users to change their password every
56 days.
Policy Setting are as follows:
Enfore password history = 10 passwords remembered
Maximum password age = 56 days
Minimum password age = 0 days
Minimum password length = 6 characters
Password must meet complexity requirements = Disabled
Store password using reversible encryption for all users
in the domain = Disabled.

My problem:
Once the user starts getting the warning that their
password expires after x days, and they change their
password, then the next day when they login then they get
the same message and have to change it again. This goes
on and on until they call our IT department and have an
admin to manually reset their password. I have noticed
that if the user waits till the last day, where x=1 then
when they change their password then it keeps it.

Any suggestions?
Thanks
 
Try setting minimum password age to a non 0 value. Does that change the
behaviour?

Try posting in the server groups for more chance of an answer.
eg. microsoft.public.win2000.group_policy

Regards
Mark Dormer
 
James,

How many domain controllers are in your domain? Have you take a look to
see if replication is working as expected?


This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thanks for the responses.

Not all users have this problem. It seems to be sporadic
across our domain as far as locations go, but typically
with the same users at these locations.

The password policy is set at the domain level also.

I have 13 DCs in our Domain, 3 at our main site and the
others a remote locations. We have had calls that users
at the main site, as well as users off-site have
encountered this problem.

I have run DCDIAG and NETDIAG on all the domain
controllers and everything checks out OK.

I think the KB article that Steven, from the
microsoft.public.win2000.group_policy newsgroup, told me
to try may resolve my problem. The everyone security
setting was not there and we did migrate all the users
using the active directory migration tool.
http://support.microsoft.com/default.aspx?scid=kb;en-
us;258788

I will just need to wait until one of the problem users
password changes.

Thanks Again.
 
Back
Top