Sign in with
Sign up | Sign in
Your question

Active Directory 2003 Interactive Logon change password lo..

Last response: in Windows 2000/NT
Share
Anonymous
July 26, 2004 5:19:29 PM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

We have a windows environment using Active Directory on Server 2003.
We have 1 forest, 1 domain and 3 sites. Each site has 1 DC. client
machines are running XP sp1. When users receive Interactive Logon
message warning of password expiration and user chooses "yes, i want
to change my password", the users account will lock out shortly
afterward. usually, the lockout occurs when trying to access mail. we
are running exchange 2000 in a cluster with a server acting as a
connector with active directory. information store is on a virtual
server on Hitachi SAN. If user selects, "NO" and then changes
password using ctrl,alt,delete - everything is fine. none of the
servers association with Exchange 2000 are DCs. replication between
DCs works fine, although in this case, something seems to not be
replicating correctly. any help on this matter would be greatly
appreciated. thanks
Anonymous
July 27, 2004 12:53:16 AM

Archived from groups: microsoft.public.win2000.group_policy (More info?)

I have not experienced your exact problem but two possibilities come to mind. In
Windows 2000 if the security option for additional restrictions for anonymous
connections is set to "no access without explicit anonymous permissions" is enabled
it has been know to cause password change problems with XP computers. There is not an
identical setting in Windows 2003 Server but if you look at the KB link below it will
show a registry setting to check. If the registry settings is "2" for
restrictanonymous then the Windows 2003 domain controllers have a similar security
setting applied.

http://support.microsoft.com/?kbid=246261


Another thing to check is that he everyone group has change password permissions to
the user's container as explained in the KB below. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;258788

"joe ferguson" <truckstopradio@yahoo.com> wrote in message
news:c3f075cd.0407261219.1aecee02@posting.google.com...
> We have a windows environment using Active Directory on Server 2003.
> We have 1 forest, 1 domain and 3 sites. Each site has 1 DC. client
> machines are running XP sp1. When users receive Interactive Logon
> message warning of password expiration and user chooses "yes, i want
> to change my password", the users account will lock out shortly
> afterward. usually, the lockout occurs when trying to access mail. we
> are running exchange 2000 in a cluster with a server acting as a
> connector with active directory. information store is on a virtual
> server on Hitachi SAN. If user selects, "NO" and then changes
> password using ctrl,alt,delete - everything is fine. none of the
> servers association with Exchange 2000 are DCs. replication between
> DCs works fine, although in this case, something seems to not be
> replicating correctly. any help on this matter would be greatly
> appreciated. thanks
!