User Passwords

[Guest]

User get message "Password will expire in x days" the user changes the password and the next day gets the same message

does anyone know why the domain controler is not reconizing the change and still asking the user to change the password

Thank

David

 

[Cary Shultz [A.D. MVP]]

David,

Can you go to the DCs ( each one ) and enter 'net accounts'? What is the
output? Can you go to the user's computer and enter 'net accounts'? What
is the output?

Is it only this one particular user who has this problem? When was this
user account object created? How many user accounts do you have ( out of
curiosity )?

By default, I believe that your users will get the 'Password will expire in
14 days' message some 14 days before the password is going to expire. I
wrote "some 14 days" intentionally.

What is the maximum password age setting? meaning, for how long are the
passwords valid? If the passwords are valid for few than 14 days then they
will get this message all the time....

Go to your Domain Security Policy and look what is in there. What is in
there *should* match the output when you entered net accounts on the DCs as
well as the output when you entered net accounts on the user's computer.

HTH,

Cary

User get message "Password will expire in x days" the user changes the

password and the next day gets the same message.

does anyone know why the domain controler is not reconizing the change and

still asking the user to change the password?

 

[Jonathan Jesse]

I get this same problem only on my Windows XP service pack 1A machines.
However I have found that if the client does not change the password through
the prompt but goes CTR-ALT-Delete and select change password it then works.

From net accounts on one of my DCs
Force user logoff how long after time expires?: Never
Minimum password age (days): 0
Maximum password age (days): 40
Minimum password length: 7
Length of password history maintained: 6
Lockout threshold: 3
Lockout duration (minutes): 30
Lockout observation window (minutes): 20
Computer role: PRIMARY
The command completed successfully.

Jonathan

 

[Guest]

I'm having the same problem. When I check my security policies the local settings are different then the effective settings, doe s this matter? Out of 30 users two of them are having this problem that I know of. Starting to worry that my active directory is having problems. Becuase at the same time when changing user setting in active directory on the 2000 server the settings are not always saved.

 

[Guest]

After running 'net accounts on both DC and workstation they com up the same. One user used the ctrl+alt+del to change password and the other clicked yes on the message stating that password needs changed. In both cases the new password works, but the message keeps coming up. Password it set to expire in 92 days.

 

[Jonathan Jesse]

Just wondering if anyone has any more information on this. I have searched
google and technet and can't find anything to help me out. My net accounts
match, once again it appears to just be a problem with my Windows XP
clients, who aren't domain admins

After running 'net accounts on both DC and workstation they com up the

same. One user used the ctrl+alt+del to change password and the other
clicked yes on the message stating that password needs changed. In both
cases the new password works, but the message keeps coming up. Password it
set to expire in 92 days.

 

[Cary Shultz [A.D. MVP]]

Nick,

Yes, it does matter. You want the 'output' to be the same on the DC and on
the client. You might want to look at the ADLockout tools ( altools.exe ).
There are a couple of really neat tools in there for this password situation
( acctinfo.dll and lockoutstatus.exe are two that come to mind ).

I would also ask if there are multiple Domain Controllers in your
environment. If so, have you checked to make sure that all is well with
your AD replication?

HTH,

Cary

I'm having the same problem. When I check my security policies the local

settings are different then the effective settings, doe s this matter? Out
of 30 users two of them are having this problem that I know of. Starting to
worry that my active directory is having problems. Becuase at the same time
when changing user setting in active directory on the 2000 server the
settings are not always saved.

 

[Cary Shultz [A.D. MVP]]

There is a setting in the Domain Security Policy ( Start | Programs |
Administrative Tools ) that is supposed to control this. Take a look at the
following:

Windows Settings
Security Settings
Local Policies
Security Options

There are a slew of settings there. Take a look about 20 entries down for
"Prompt user to change password before expiration" - or something in that
vein - and look at the value. This is normally defaulted to 14 days. Is it
possible that someone changed it to 92 days ( assuming that the very first
time that the users get this it states "your password will expire in 92
days. would you like to change it now?" )?

HTH,

Cary

After running 'net accounts on both DC and workstation they com up the

same. One user used the ctrl+alt+del to change password and the other
clicked yes on the message stating that password needs changed. In both
cases the new password works, but the message keeps coming up. Password it
set to expire in 92 days.

 

[Cary Shultz [A.D. MVP]]

Hopefully the two responses that I just gave will lead you to an answer.

Cary