General discussion

Locked

Passwords expire without forcing change

By sbaumann ·
I have a situation over a 3000 user infrastructure running W2K Active Directory. Forced password changing is set at 90 days. The users receive a 10 day away reminder, but that is it. Once the 10 days expire, they can log on to the network, but get achange password box when opening Outlook or network shares. Why isn't it forcing them to change their password when they attempt to log in after the 10 day period? This is really messing with my remote users.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Passwords expire without forcing change

by BeerMonster In reply to Passwords expire without ...

Hi,
I stand to be corrected, but I think the key here is you saying 'my remote users' - are these people coming in over dial up by any chance. What I'm guessing is that the initial login to the local machine is being done when they are not connected to your network, which is therefore using cached credentials - bear in mind that the local machine knows nothing about the password change requirement, that's enforced by your domain controllers. Once logged in, your users connect to your network via the dial in, and from that point on every time they connect to a network resource - thus prompting the resource to check the users credentials with a dc (it's actually a bit more complicated than that with win2k but the end result is the same)- the fact that the password has expired is causing the prompt.....

Collapse -

Passwords expire without forcing change

by sbaumann In reply to Passwords expire without ...

I understand what you are saying, but it's not the problem. The users that are in the office are getting the same problem and they didn't authenticate locally.

Collapse -

Passwords expire without forcing change

by Kinetechs In reply to Passwords expire without ...

I'd check to make sure all your DCs are replicating correctly. It could be that the DC that is doing the initial authentication doesn't have the correct GPO and/or the user object properties have not been replicated. Check Event Viewer and use Replication Monitor.

Hope this is helpful.
Cheers!
~Sean

Collapse -

Passwords expire without forcing change

by sbaumann In reply to Passwords expire without ...

I think we are definately dealing with a group policy replication issue as the office of the PDC emulator isn't reporting the problem. Thanks for the push in the right direction.

Collapse -

Passwords expire without forcing change

by sbaumann In reply to Passwords expire without ...

This question was closed by the author

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums