"You are not authorized to change your password at this time"

M

Mike Matheny

AD domain mixed mode - users off-site via T-1, no DC on site. Everyone gets
this error when prompted to change their password at logon, some get it
trying to change the password after logon. Complex passwords enforced - even
using a completely different password doesn't work.

Any ideas would be awesomely appreciated.
 
S

Steven L Umbach

Maybe it is a connectivity problem with finding a domain controller or
staying connected to it and depending on the operating system, such as
downlevel clients, they may need to contact the pdc fsmo. The netdiag
support tool would help if run on a domain computer [W2K/XP pro] from the
remote site to see if the computer has proper connectivity and name
resolution to the domain. Also check Event Viewer on the problem computers
for any clues and enable auditing for account logon and account management
in Domain Controller Security Policy which may provide clues via recorded
events when this happens. A simple ping from the remote site to domain
controllers using their fully qualified domain names may also be worthwhile.
Users can have their accounts configured to not allow the user to change
their password in AD Users and Computers if you have not check that
t. --- Steve
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

"You are not allowed to change your password" 5
Password Policy 1
"You do not have permission to change your password" only when expired 10
User must change password at next logon...strange behaviour 1
Users unable to change password at logon 5
VPN password synch 1
User unable to change Password 2
Cannot change password at logon 1

Top