Password issues - Multiple site - single AD/Forest

Guest

Have a customer with several WAN-connected sites with a single AD/Forest
spanning the sites. A single Exchange server resides at HQ but each site has
a DC/GC server.

Have noticed that when people have to change their login password (90-day
mandatory rule) it does not always change the Exchange/Outlook password. This
has the effect that they cannot load Outlook, as it asks for the old password.
This is easily rectified by closing Outlook and pressing Ctrl-Alt-Del and
changing the password again.

This seems to be intermittent and does not affect all of the people all of
the time but tends to be the remote office users, but sometimes happens at HQ.

All clients are XP with Outlook 2000; servers are W2K and Exchange 2K with
the latest service packs, etc.

I guess this is a password replication issue between the local DC and the HQ
Exchange server DC but would like a resolution.
 
Paul Bergson

This makes no sense. Outlook doesn't use authentication. What this sounds
like is the users are logging on locally and not to the domain. Check to
make sure the problem clients aren't logging on locally.
 
Ryan Hanisco

Outlook can have passwords/authentication in a few different circumstances.

1. Local Outlook Passwords -- These are set by the user and are not tied to
the AD at all. Instead this is a password set in the local application and
is easily cracked by utilities on the web. Even the source code of the
cracks is out there...

2. If the Exchange server is in a different domain that does not have a
two-way trust established, you will get this also. This happens in hosting
solutions, RPCoHTTP solutions, and cases where the trusts and/or DNS are not
working correctly. This is usually not a problem in parent-child domain
relationships as the trust is less prone to problems, but disjunct
namespaces or cross-forest trusts can effect this problem.

Verify that your DNS is working correctly (nslookup and netdiag /v) and that
your trusts and FSMO awareness are working (netdom and dcdiag /v). Let us
know what you find and give us a description of your AD structure.
 
Guest

The Outlook client does not have local passwords - instead, when Outlook
starts it uses the logon username/password credentials to check mailbox
rights on Outlook startup.

DNS is working OK and trusts are not an issue as it is a single domain. The
FSMO roles are all held at HQ with the Exchange server but each remote site
(Total 7) has an AD DC and GlobCat, with the entire tree replicated out as all
servers are root level as far as AD goes.
 
