Password issues - Multiple site - single AD/Forest

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Have a customer with several WAN connected sites with a single AD/Forest
spreading the sites. A single Exchange server resides at HQ but each site has
a DC/GC server.

Have noticed that when people have to change their login password (90 day
mandatory rule) it does not always change the Exchange/Outlook password, this
has the effect that they cannot load Outlook as it asks for the old password,
this is easily rectified by closing Outlook and pressing Ctrl-Alt-Del and
changing the password again.

This seems to be intermittent and does not affect all of the people all of
the time but tends to be the remote office users, but sometimes happens at HQ.

All clients are XP with Outlook 2000, Servers are W2K and Exchange 2K with
latest Service packs etc..

I guess this is a password replication issue between the local DC and the HQ
Exchange server DC but would like a resolution.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

This makes no sense. Outlook doesn't use authentication. What this sounds
like is the users are logging on locally and not to the domain. Check to
make sure the problem clients aren't logging on locally.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.



"jawshome" <jawshome@discussions.microsoft.com> wrote in message
news:14AE75A5-C981-4C9D-A70E-2C9624ED2486@microsoft.com...
> Have a customer with several WAN connected sites with a single AD/Forest
> spreading the sites. A single Exchange server resides at HQ but each site
has
> a DC/GC server.
>
> Have noticed that when people have to change their login password (90 day
> mandatory rule) it does not always change the Exchange/Outlook password,
this
> has the effect that they cannot load Outlook as it asks for the old
password,
> this is easily rectified by closing Outlook and pressing Ctrl-Alt-Del and
> changing the password again.
>
> This seems to be intermittent and does not affect all of the people all of
> the time but tends to be the remote office users, but sometimes happens at
HQ.
>
> All clients are XP with Outlook 2000, Servers are W2K and Exchange 2K with
> latest Service packs etc..
>
> I guess this is a password replication issue between the local DC and the
HQ
> Exchange server DC but would like a resolution.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Outlook can have passwords/ authentication in a few different circumstances.

1. Local Outlook Passwords -- These are set by the user and are not tied to
the AD at all. instead this is a password set in the local application and
is easily cracked by utilities on the web. Even the source code of the
cracks is out there...

2. If the Exchange server is in a different domain that does not have a
two-way trust established, you will get this also. This happens in hosting
solutions, RPCoHTTP solutions, and cases where the trusts and/or DNS is not
working correctly. This is usually not a problem in parent-child domain
relationships as the trust is less prone to problems, but disjunct
namespaces or cross-forest trusts can effect this problem.

Verify that you DNS is working correctly (nslookup and netdiag /v) and that
your trusts and FSMO awareness is working (netdom and dcdiag /v). Let us
know what you find and give us a description of your AD structure.

--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL

"Paul Bergson" <pbergson_nospam@allete.com> wrote in message
news:exO8GZuLFHA.3420@tk2msftngp13.phx.gbl...
> This makes no sense. Outlook doesn't use authentication. What this
> sounds
> like is the users are logging on locally and not to the domain. Check to
> make sure the problem clients aren't logging on locally.
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
> "jawshome" <jawshome@discussions.microsoft.com> wrote in message
> news:14AE75A5-C981-4C9D-A70E-2C9624ED2486@microsoft.com...
>> Have a customer with several WAN connected sites with a single AD/Forest
>> spreading the sites. A single Exchange server resides at HQ but each site
> has
>> a DC/GC server.
>>
>> Have noticed that when people have to change their login password (90 day
>> mandatory rule) it does not always change the Exchange/Outlook password,
> this
>> has the effect that they cannot load Outlook as it asks for the old
> password,
>> this is easily rectified by closing Outlook and pressing Ctrl-Alt-Del and
>> changing the password again.
>>
>> This seems to be intermittent and does not affect all of the people all
>> of
>> the time but tends to be the remote office users, but sometimes happens
>> at
> HQ.
>>
>> All clients are XP with Outlook 2000, Servers are W2K and Exchange 2K
>> with
>> latest Service packs etc..
>>
>> I guess this is a password replication issue between the local DC and the
> HQ
>> Exchange server DC but would like a resolution.
>>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

The outlook client does not have local passwords - Instead when outlook
starts it uses the logon username/password credentials to check mailbox
rights on Outlook startup.

DNS is working OK and trusts is not an issue as it is a single domain. The
FSMO roles are all held at HQ with the Exchange server but each remote site
(Total 7) has a AD DC and GlobCat, with the entire tree replicated out as all
servers are root level as far as AD goes.

"Ryan Hanisco" wrote:

> Outlook can have passwords/ authentication in a few different circumstances.
>
> 1. Local Outlook Passwords -- These are set by the user and are not tied to
> the AD at all. instead this is a password set in the local application and
> is easily cracked by utilities on the web. Even the source code of the
> cracks is out there...
>
> 2. If the Exchange server is in a different domain that does not have a
> two-way trust established, you will get this also. This happens in hosting
> solutions, RPCoHTTP solutions, and cases where the trusts and/or DNS is not
> working correctly. This is usually not a problem in parent-child domain
> relationships as the trust is less prone to problems, but disjunct
> namespaces or cross-forest trusts can effect this problem.
>
> Verify that you DNS is working correctly (nslookup and netdiag /v) and that
> your trusts and FSMO awareness is working (netdom and dcdiag /v). Let us
> know what you find and give us a description of your AD structure.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> FlagShip Integration Services
> Chicago, IL
>
> "Paul Bergson" <pbergson_nospam@allete.com> wrote in message
> news:exO8GZuLFHA.3420@tk2msftngp13.phx.gbl...
> > This makes no sense. Outlook doesn't use authentication. What this
> > sounds
> > like is the users are logging on locally and not to the domain. Check to
> > make sure the problem clients aren't logging on locally.
> >
> > --
> >
> > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> >
> >
> >
> > "jawshome" <jawshome@discussions.microsoft.com> wrote in message
> > news:14AE75A5-C981-4C9D-A70E-2C9624ED2486@microsoft.com...
> >> Have a customer with several WAN connected sites with a single AD/Forest
> >> spreading the sites. A single Exchange server resides at HQ but each site
> > has
> >> a DC/GC server.
> >>
> >> Have noticed that when people have to change their login password (90 day
> >> mandatory rule) it does not always change the Exchange/Outlook password,
> > this
> >> has the effect that they cannot load Outlook as it asks for the old
> > password,
> >> this is easily rectified by closing Outlook and pressing Ctrl-Alt-Del and
> >> changing the password again.
> >>
> >> This seems to be intermittent and does not affect all of the people all
> >> of
> >> the time but tends to be the remote office users, but sometimes happens
> >> at
> > HQ.
> >>
> >> All clients are XP with Outlook 2000, Servers are W2K and Exchange 2K
> >> with
> >> latest Service packs etc..
> >>
> >> I guess this is a password replication issue between the local DC and the
> > HQ
> >> Exchange server DC but would like a resolution.
> >>
> >
> >
>
>
>