Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Password Change - Users unable to login
Password Change - Users unable to login [message #156645] Mon, 22 June 2009 22:22 Go to next message
microsoft[1]  is currently offline microsoft[1]
Messages: 46
Registered: July 2009
Member
Hi

I am running a Windows 2000 Server Domain Controller. I have approximately
30 users who are running Windows XP.

The issue:

No GP is defined for password or account policy. However users cannot
change their passwords at will. To make matters worse, when I login to the
DC and change the password on their behalf, the user is unable to login.

Error "Check your username and password and ensure that the domain is correct"

What can I do to correct this issue. Is there a tool that I can run to see
all the GPOs which are applied to a domain.

Regards
Re: Password Change - Users unable to login [message #156651 is a reply to message #156645] Tue, 23 June 2009 01:56 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Microsoft,

The password policy will be set on domain level, if nothing additional configured
from yourself the Default domain policy will be used. So check that one first.

On the computers you can run gpresult /v or rsop to check for the applied
polciies and settings.

What exact error message do they get when trying to change the password?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi
>
> I am running a Windows 2000 Server Domain Controller. I have
> approximately 30 users who are running Windows XP.
>
> The issue:
>
> No GP is defined for password or account policy. However users cannot
> change their passwords at will. To make matters worse, when I login
> to the DC and change the password on their behalf, the user is unable
> to login.
>
> Error "Check your username and password and ensure that the domain is
> correct"
>
> What can I do to correct this issue. Is there a tool that I can run to
> see all the GPOs which are applied to a domain.
>
> Regards
>
Re: Password Change - Users unable to login [message #156654 is a reply to message #156645] Tue, 23 June 2009 02:46 Go to previous messageGo to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Howdie!

microsoft schrieb:
> No GP is defined for password or account policy. However users cannot
> change their passwords at will. To make matters worse, when I login to the
> DC and change the password on their behalf, the user is unable to login.

Well, at least the Default Domain Policy has a built-in Password Policy
in place. As long as you didn't tweak/delete it, it applies for all users.

> Error "Check your username and password and ensure that the domain is correct"

Have you checked connectivity to the domain controller as well as the
connectivity between the DCs? Is replication taking place correctly? I
could think of an issue with the pdc chaining on password check.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: Password Change - Users unable to login [message #156657 is a reply to message #156654] Tue, 23 June 2009 04:02 Go to previous messageGo to next message
Andrei Ungureanu  is currently offline Andrei Ungureanu  Romania
Messages: 82
Registered: July 2009
Member
Agree. Check the DC that has the PDC role and the replications between DCs.

Andrei Ungureanu

"Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a scris în
mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
> Howdie!
>
> microsoft schrieb:
>> No GP is defined for password or account policy. However users cannot
>> change their passwords at will. To make matters worse, when I login to
>> the DC and change the password on their behalf, the user is unable to
>> login.
>
> Well, at least the Default Domain Policy has a built-in Password Policy in
> place. As long as you didn't tweak/delete it, it applies for all users.
>
>> Error "Check your username and password and ensure that the domain is
>> correct"
>
> Have you checked connectivity to the domain controller as well as the
> connectivity between the DCs? Is replication taking place correctly? I
> could think of an issue with the pdc chaining on password check.
>
> Cheers,
> Florian
> --
> Microsoft MVP - Group Policy
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
> Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: Password Change - Users unable to login [message #156672 is a reply to message #156657] Tue, 23 June 2009 10:05 Go to previous messageGo to next message
microsoft[1]  is currently offline microsoft[1]
Messages: 46
Registered: July 2009
Member
hi all

thanks for your comments, could you kindly identify how to check that the
DCs are replicating properly. What should I look for.

thanks

"Andrei Ungureanu" wrote:

> Agree. Check the DC that has the PDC role and the replications between DCs.
>
> Andrei Ungureanu
>
> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a scris în
> mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
> > Howdie!
> >
> > microsoft schrieb:
> >> No GP is defined for password or account policy. However users cannot
> >> change their passwords at will. To make matters worse, when I login to
> >> the DC and change the password on their behalf, the user is unable to
> >> login.
> >
> > Well, at least the Default Domain Policy has a built-in Password Policy in
> > place. As long as you didn't tweak/delete it, it applies for all users.
> >
> >> Error "Check your username and password and ensure that the domain is
> >> correct"
> >
> > Have you checked connectivity to the domain controller as well as the
> > connectivity between the DCs? Is replication taking place correctly? I
> > could think of an issue with the pdc chaining on password check.
> >
> > Cheers,
> > Florian
> > --
> > Microsoft MVP - Group Policy
> > eMail: prename [at] frickelsoft [dot] net.
> > blog: http://www.frickelsoft.net/blog.
> > Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
>
>
Re: Password Change - Users unable to login [message #156674 is a reply to message #156672] Tue, 23 June 2009 10:17 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Microsoft,

If not done, install the support\tools\suptools.msi from the installation
disk and run repadmin /showrepl or use replmon (GUI version)

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> hi all
>
> thanks for your comments, could you kindly identify how to check that
> the DCs are replicating properly. What should I look for.
>
> thanks
>
> "Andrei Ungureanu" wrote:
>
>> Agree. Check the DC that has the PDC role and the replications
>> between DCs.
>>
>> Andrei Ungureanu
>>
>> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a
>> scris în mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
>>
>>> Howdie!
>>>
>>> microsoft schrieb:
>>>
>>>> No GP is defined for password or account policy. However users
>>>> cannot change their passwords at will. To make matters worse, when
>>>> I login to the DC and change the password on their behalf, the user
>>>> is unable to login.
>>>>
>>> Well, at least the Default Domain Policy has a built-in Password
>>> Policy in place. As long as you didn't tweak/delete it, it applies
>>> for all users.
>>>
>>>> Error "Check your username and password and ensure that the domain
>>>> is correct"
>>>>
>>> Have you checked connectivity to the domain controller as well as
>>> the connectivity between the DCs? Is replication taking place
>>> correctly? I could think of an issue with the pdc chaining on
>>> password check.
>>>
>>> Cheers,
>>> Florian
>>> --
>>> Microsoft MVP - Group Policy
>>> eMail: prename [at] frickelsoft [dot] net.
>>> blog: http://www.frickelsoft.net/blog.
>>> Maillist (german):
>>> http://frickelsoft.net/cms/index.php?page=mailingliste
Re: Password Change - Users unable to login [message #156677 is a reply to message #156645] Tue, 23 June 2009 10:30 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello Microsoft,

If replication is succesful and clients doesn't get policies let us start
at the basic with DNS, please post an unedited ipconfig /all from a client
and both DC/DNS servers.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi
>
> Based on the support tools - Replmon the DCs are indicating that the
> replication is occuring successfully.
>
> Kindly advise.
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello Microsoft,
>>
>> If not done, install the support\tools\suptools.msi from the
>> installation disk and run repadmin /showrepl or use replmon (GUI
>> version)
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> hi all
>>>
>>> thanks for your comments, could you kindly identify how to check
>>> that the DCs are replicating properly. What should I look for.
>>>
>>> thanks
>>>
>>> "Andrei Ungureanu" wrote:
>>>
>>>> Agree. Check the DC that has the PDC role and the replications
>>>> between DCs.
>>>>
>>>> Andrei Ungureanu
>>>>
>>>> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a
>>>> scris în mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
>>>>
>>>>> Howdie!
>>>>>
>>>>> microsoft schrieb:
>>>>>
>>>>>> No GP is defined for password or account policy. However users
>>>>>> cannot change their passwords at will. To make matters worse,
>>>>>> when I login to the DC and change the password on their behalf,
>>>>>> the user is unable to login.
>>>>>>
>>>>> Well, at least the Default Domain Policy has a built-in Password
>>>>> Policy in place. As long as you didn't tweak/delete it, it applies
>>>>> for all users.
>>>>>
>>>>>> Error "Check your username and password and ensure that the
>>>>>> domain is correct"
>>>>>>
>>>>> Have you checked connectivity to the domain controller as well as
>>>>> the connectivity between the DCs? Is replication taking place
>>>>> correctly? I could think of an issue with the pdc chaining on
>>>>> password check.
>>>>>
>>>>> Cheers,
>>>>> Florian
>>>>> --
>>>>> Microsoft MVP - Group Policy
>>>>> eMail: prename [at] frickelsoft [dot] net.
>>>>> blog: http://www.frickelsoft.net/blog.
>>>>> Maillist (german):
>>>>> http://frickelsoft.net/cms/index.php?page=mailingliste
Re: Password Change - Users unable to login [message #156678 is a reply to message #156674] Tue, 23 June 2009 10:27 Go to previous messageGo to next message
microsoft[1]  is currently offline microsoft[1]
Messages: 46
Registered: July 2009
Member
Hi

Based on the support tools - Replmon the DCs are indicating that the
replication is occuring successfully.

Kindly advise.

"Meinolf Weber [MVP-DS]" wrote:

> Hello Microsoft,
>
> If not done, install the support\tools\suptools.msi from the installation
> disk and run repadmin /showrepl or use replmon (GUI version)
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > hi all
> >
> > thanks for your comments, could you kindly identify how to check that
> > the DCs are replicating properly. What should I look for.
> >
> > thanks
> >
> > "Andrei Ungureanu" wrote:
> >
> >> Agree. Check the DC that has the PDC role and the replications
> >> between DCs.
> >>
> >> Andrei Ungureanu
> >>
> >> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a
> >> scris în mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
> >>
> >>> Howdie!
> >>>
> >>> microsoft schrieb:
> >>>
> >>>> No GP is defined for password or account policy. However users
> >>>> cannot change their passwords at will. To make matters worse, when
> >>>> I login to the DC and change the password on their behalf, the user
> >>>> is unable to login.
> >>>>
> >>> Well, at least the Default Domain Policy has a built-in Password
> >>> Policy in place. As long as you didn't tweak/delete it, it applies
> >>> for all users.
> >>>
> >>>> Error "Check your username and password and ensure that the domain
> >>>> is correct"
> >>>>
> >>> Have you checked connectivity to the domain controller as well as
> >>> the connectivity between the DCs? Is replication taking place
> >>> correctly? I could think of an issue with the pdc chaining on
> >>> password check.
> >>>
> >>> Cheers,
> >>> Florian
> >>> --
> >>> Microsoft MVP - Group Policy
> >>> eMail: prename [at] frickelsoft [dot] net.
> >>> blog: http://www.frickelsoft.net/blog.
> >>> Maillist (german):
> >>> http://frickelsoft.net/cms/index.php?page=mailingliste
>
>
>
Re: Password Change - Users unable to login [message #156680 is a reply to message #156672] Tue, 23 June 2009 10:52 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Forgot to mention,
- Are you using UPN format? If yes check if a GC is available.
- Are you using domain\username format? Check if you're logging in the
correct domain or if you're attempting to do a local login with a domain
account.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"microsoft" <microsoft@discussions.microsoft.com> wrote in message
news:89ABAB98-3CC3-4F6D-A13C-4E10F6EB99A0@microsoft.com...
> hi all
>
> thanks for your comments, could you kindly identify how to check that the
> DCs are replicating properly. What should I look for.
>
> thanks
>
> "Andrei Ungureanu" wrote:
>
>> Agree. Check the DC that has the PDC role and the replications between
>> DCs.
>>
>> Andrei Ungureanu
>>
>> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a scris în
>> mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
>> > Howdie!
>> >
>> > microsoft schrieb:
>> >> No GP is defined for password or account policy. However users cannot
>> >> change their passwords at will. To make matters worse, when I login
>> >> to
>> >> the DC and change the password on their behalf, the user is unable to
>> >> login.
>> >
>> > Well, at least the Default Domain Policy has a built-in Password Policy
>> > in
>> > place. As long as you didn't tweak/delete it, it applies for all users.
>> >
>> >> Error "Check your username and password and ensure that the domain is
>> >> correct"
>> >
>> > Have you checked connectivity to the domain controller as well as the
>> > connectivity between the DCs? Is replication taking place correctly? I
>> > could think of an issue with the pdc chaining on password check.
>> >
>> > Cheers,
>> > Florian
>> > --
>> > Microsoft MVP - Group Policy
>> > eMail: prename [at] frickelsoft [dot] net.
>> > blog: http://www.frickelsoft.net/blog.
>> > Maillist (german):
>> > http://frickelsoft.net/cms/index.php?page=mailingliste
>>
>>
Re: Password Change - Users unable to login [message #156681 is a reply to message #156672] Tue, 23 June 2009 10:50 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi
Install suppor tools and from cmd line run
repadmin /replsummary /bydst /bysrc /sort:delta
or
you can try manuall replication using ADSS and check for errors on event
log.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"microsoft" <microsoft@discussions.microsoft.com> wrote in message
news:89ABAB98-3CC3-4F6D-A13C-4E10F6EB99A0@microsoft.com...
> hi all
>
> thanks for your comments, could you kindly identify how to check that the
> DCs are replicating properly. What should I look for.
>
> thanks
>
> "Andrei Ungureanu" wrote:
>
>> Agree. Check the DC that has the PDC role and the replications between
>> DCs.
>>
>> Andrei Ungureanu
>>
>> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a scris în
>> mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
>> > Howdie!
>> >
>> > microsoft schrieb:
>> >> No GP is defined for password or account policy. However users cannot
>> >> change their passwords at will. To make matters worse, when I login
>> >> to
>> >> the DC and change the password on their behalf, the user is unable to
>> >> login.
>> >
>> > Well, at least the Default Domain Policy has a built-in Password Policy
>> > in
>> > place. As long as you didn't tweak/delete it, it applies for all users.
>> >
>> >> Error "Check your username and password and ensure that the domain is
>> >> correct"
>> >
>> > Have you checked connectivity to the domain controller as well as the
>> > connectivity between the DCs? Is replication taking place correctly? I
>> > could think of an issue with the pdc chaining on password check.
>> >
>> > Cheers,
>> > Florian
>> > --
>> > Microsoft MVP - Group Policy
>> > eMail: prename [at] frickelsoft [dot] net.
>> > blog: http://www.frickelsoft.net/blog.
>> > Maillist (german):
>> > http://frickelsoft.net/cms/index.php?page=mailingliste
>>
>>
Re: Password Change - Users unable to login [message #156683 is a reply to message #156680] Tue, 23 June 2009 11:47 Go to previous messageGo to next message
microsoft[1]  is currently offline microsoft[1]
Messages: 46
Registered: July 2009
Member
Hi

I am using the domain\username format
I have two GC in the domain
Based on the tools it seems like the domain controllers are replicating
successfully

I removed the pc from the domain and readded it. That seemed to resolve the
issue

I was able to login. I will test the resetting of the users password from
the pc and ensure that issue is also resolved.

I had tow domains running in this environment. All of the DCs have been
removed from the previous domain. How can I remove that domain name from the
users pc drop down list when they go to login to their computers

Thanks

"Jorge Silva" wrote:

> Forgot to mention,
> - Are you using UPN format? If yes check if a GC is available.
> - Are you using domain\username format? Check if you're logging in the
> correct domain or if you're attempting to do a local login with a domain
> account.
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
> news:89ABAB98-3CC3-4F6D-A13C-4E10F6EB99A0@microsoft.com...
> > hi all
> >
> > thanks for your comments, could you kindly identify how to check that the
> > DCs are replicating properly. What should I look for.
> >
> > thanks
> >
> > "Andrei Ungureanu" wrote:
> >
> >> Agree. Check the DC that has the PDC role and the replications between
> >> DCs.
> >>
> >> Andrei Ungureanu
> >>
> >> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a scris în
> >> mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
> >> > Howdie!
> >> >
> >> > microsoft schrieb:
> >> >> No GP is defined for password or account policy. However users cannot
> >> >> change their passwords at will. To make matters worse, when I login
> >> >> to
> >> >> the DC and change the password on their behalf, the user is unable to
> >> >> login.
> >> >
> >> > Well, at least the Default Domain Policy has a built-in Password Policy
> >> > in
> >> > place. As long as you didn't tweak/delete it, it applies for all users.
> >> >
> >> >> Error "Check your username and password and ensure that the domain is
> >> >> correct"
> >> >
> >> > Have you checked connectivity to the domain controller as well as the
> >> > connectivity between the DCs? Is replication taking place correctly? I
> >> > could think of an issue with the pdc chaining on password check.
> >> >
> >> > Cheers,
> >> > Florian
> >> > --
> >> > Microsoft MVP - Group Policy
> >> > eMail: prename [at] frickelsoft [dot] net.
> >> > blog: http://www.frickelsoft.net/blog.
> >> > Maillist (german):
> >> > http://frickelsoft.net/cms/index.php?page=mailingliste
> >>
> >>
>
Re: Password Change - Users unable to login [message #156695 is a reply to message #156683] Tue, 23 June 2009 14:32 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Ok,
The "extra" domain was in a different forest with a trust or it was in the
same forest?

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"microsoft" <microsoft@discussions.microsoft.com> wrote in message
news:2F0F8692-AEAB-4D29-9059-6DF0E4E58AC8@microsoft.com...
> Hi
>
> I am using the domain\username format
> I have two GC in the domain
> Based on the tools it seems like the domain controllers are replicating
> successfully
>
> I removed the pc from the domain and readded it. That seemed to resolve
> the
> issue
>
> I was able to login. I will test the resetting of the users password from
> the pc and ensure that issue is also resolved.
>
> I had tow domains running in this environment. All of the DCs have been
> removed from the previous domain. How can I remove that domain name from
> the
> users pc drop down list when they go to login to their computers
>
> Thanks
>
> "Jorge Silva" wrote:
>
>> Forgot to mention,
>> - Are you using UPN format? If yes check if a GC is available.
>> - Are you using domain\username format? Check if you're logging in the
>> correct domain or if you're attempting to do a local login with a domain
>> account.
>>
>> --
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
>> news:89ABAB98-3CC3-4F6D-A13C-4E10F6EB99A0@microsoft.com...
>> > hi all
>> >
>> > thanks for your comments, could you kindly identify how to check that
>> > the
>> > DCs are replicating properly. What should I look for.
>> >
>> > thanks
>> >
>> > "Andrei Ungureanu" wrote:
>> >
>> >> Agree. Check the DC that has the PDC role and the replications between
>> >> DCs.
>> >>
>> >> Andrei Ungureanu
>> >>
>> >> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a scris
>> >> în
>> >> mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
>> >> > Howdie!
>> >> >
>> >> > microsoft schrieb:
>> >> >> No GP is defined for password or account policy. However users
>> >> >> cannot
>> >> >> change their passwords at will. To make matters worse, when I
>> >> >> login
>> >> >> to
>> >> >> the DC and change the password on their behalf, the user is unable
>> >> >> to
>> >> >> login.
>> >> >
>> >> > Well, at least the Default Domain Policy has a built-in Password
>> >> > Policy
>> >> > in
>> >> > place. As long as you didn't tweak/delete it, it applies for all
>> >> > users.
>> >> >
>> >> >> Error "Check your username and password and ensure that the domain
>> >> >> is
>> >> >> correct"
>> >> >
>> >> > Have you checked connectivity to the domain controller as well as
>> >> > the
>> >> > connectivity between the DCs? Is replication taking place correctly?
>> >> > I
>> >> > could think of an issue with the pdc chaining on password check.
>> >> >
>> >> > Cheers,
>> >> > Florian
>> >> > --
>> >> > Microsoft MVP - Group Policy
>> >> > eMail: prename [at] frickelsoft [dot] net.
>> >> > blog: http://www.frickelsoft.net/blog.
>> >> > Maillist (german):
>> >> > http://frickelsoft.net/cms/index.php?page=mailingliste
>> >>
>> >>
>>
Re: Password Change - Users unable to login [message #156718 is a reply to message #156695] Tue, 23 June 2009 21:50 Go to previous messageGo to next message
microsoft[1]  is currently offline microsoft[1]
Messages: 46
Registered: July 2009
Member
I am not sure of the correct terminology - each domain had a separate name
space e.g Domain A - Fred.com and Domain B - Bob.com

There was a trust between the two domains.

Hope this helps

"Jorge Silva" wrote:

> Ok,
> The "extra" domain was in a different forest with a trust or it was in the
> same forest?
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
> news:2F0F8692-AEAB-4D29-9059-6DF0E4E58AC8@microsoft.com...
> > Hi
> >
> > I am using the domain\username format
> > I have two GC in the domain
> > Based on the tools it seems like the domain controllers are replicating
> > successfully
> >
> > I removed the pc from the domain and readded it. That seemed to resolve
> > the
> > issue
> >
> > I was able to login. I will test the resetting of the users password from
> > the pc and ensure that issue is also resolved.
> >
> > I had tow domains running in this environment. All of the DCs have been
> > removed from the previous domain. How can I remove that domain name from
> > the
> > users pc drop down list when they go to login to their computers
> >
> > Thanks
> >
> > "Jorge Silva" wrote:
> >
> >> Forgot to mention,
> >> - Are you using UPN format? If yes check if a GC is available.
> >> - Are you using domain\username format? Check if you're logging in the
> >> correct domain or if you're attempting to do a local login with a domain
> >> account.
> >>
> >> --
> >> I hope that the information above helps you.
> >> Have a Nice day.
> >>
> >> Jorge Silva
> >> MVP Directory Services
> >> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
> >> news:89ABAB98-3CC3-4F6D-A13C-4E10F6EB99A0@microsoft.com...
> >> > hi all
> >> >
> >> > thanks for your comments, could you kindly identify how to check that
> >> > the
> >> > DCs are replicating properly. What should I look for.
> >> >
> >> > thanks
> >> >
> >> > "Andrei Ungureanu" wrote:
> >> >
> >> >> Agree. Check the DC that has the PDC role and the replications between
> >> >> DCs.
> >> >>
> >> >> Andrei Ungureanu
> >> >>
> >> >> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a scris
> >> >> în
> >> >> mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
> >> >> > Howdie!
> >> >> >
> >> >> > microsoft schrieb:
> >> >> >> No GP is defined for password or account policy. However users
> >> >> >> cannot
> >> >> >> change their passwords at will. To make matters worse, when I
> >> >> >> login
> >> >> >> to
> >> >> >> the DC and change the password on their behalf, the user is unable
> >> >> >> to
> >> >> >> login.
> >> >> >
> >> >> > Well, at least the Default Domain Policy has a built-in Password
> >> >> > Policy
> >> >> > in
> >> >> > place. As long as you didn't tweak/delete it, it applies for all
> >> >> > users.
> >> >> >
> >> >> >> Error "Check your username and password and ensure that the domain
> >> >> >> is
> >> >> >> correct"
> >> >> >
> >> >> > Have you checked connectivity to the domain controller as well as
> >> >> > the
> >> >> > connectivity between the DCs? Is replication taking place correctly?
> >> >> > I
> >> >> > could think of an issue with the pdc chaining on password check.
> >> >> >
> >> >> > Cheers,
> >> >> > Florian
> >> >> > --
> >> >> > Microsoft MVP - Group Policy
> >> >> > eMail: prename [at] frickelsoft [dot] net.
> >> >> > blog: http://www.frickelsoft.net/blog.
> >> >> > Maillist (german):
> >> >> > http://frickelsoft.net/cms/index.php?page=mailingliste
> >> >>
> >> >>
> >>
>
Re: Password Change - Users unable to login [message #156724 is a reply to message #156718] Wed, 24 June 2009 04:05 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
- Ok, can you check what type of trust it is?

- I'm sorry to stress this, but is important to know if that domain is
within the same forest or in a different forest, the reason is related to
metadata clean up "Assuming a domain trust within the same forest". If you
removed a "dead" DC, and that DC was in a domain tree or child domain in the
same forest, you need to perform metadata cleanup for the DC and for the
domain.The KB216498 explains how to do that step-by step.

- If it was a different forest in a different domain, you can simply remove
the trust in DomainsandTrusts mmc console.

- To check what trust type do you have, please open your Active Directory
Domains and Trusts mmc console, and under the properties of your domain
select the trusts tab and check the trust that you have "Trust Type".

-Trust type: External and Forest trusts you may assume that the domain is in
a different forest, and as I said before you can simply remove it "You'll
get an error saying that the other side of the trust couldn't be contacted,
bla,bla,bla"

-Trust type: Parent, Child, Tree, shorcut... Means that you have a trust
within the same forest and you need to perform metadata cleanup using the KB
that I provided before.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"microsoft" <microsoft@discussions.microsoft.com> wrote in message
news:C901A85B-44D2-42C1-8ACA-AE50D9F7F318@microsoft.com...
>I am not sure of the correct terminology - each domain had a separate name
> space e.g Domain A - Fred.com and Domain B - Bob.com
>
> There was a trust between the two domains.
>
> Hope this helps
>
> "Jorge Silva" wrote:
>
>> Ok,
>> The "extra" domain was in a different forest with a trust or it was in
>> the
>> same forest?
>>
>> --
>> I hope that the information above helps you.
>> Have a Nice day.
>>
>> Jorge Silva
>> MVP Directory Services
>> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
>> news:2F0F8692-AEAB-4D29-9059-6DF0E4E58AC8@microsoft.com...
>> > Hi
>> >
>> > I am using the domain\username format
>> > I have two GC in the domain
>> > Based on the tools it seems like the domain controllers are replicating
>> > successfully
>> >
>> > I removed the pc from the domain and readded it. That seemed to
>> > resolve
>> > the
>> > issue
>> >
>> > I was able to login. I will test the resetting of the users password
>> > from
>> > the pc and ensure that issue is also resolved.
>> >
>> > I had tow domains running in this environment. All of the DCs have
>> > been
>> > removed from the previous domain. How can I remove that domain name
>> > from
>> > the
>> > users pc drop down list when they go to login to their computers
>> >
>> > Thanks
>> >
>> > "Jorge Silva" wrote:
>> >
>> >> Forgot to mention,
>> >> - Are you using UPN format? If yes check if a GC is available.
>> >> - Are you using domain\username format? Check if you're logging in the
>> >> correct domain or if you're attempting to do a local login with a
>> >> domain
>> >> account.
>> >>
>> >> --
>> >> I hope that the information above helps you.
>> >> Have a Nice day.
>> >>
>> >> Jorge Silva
>> >> MVP Directory Services
>> >> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
>> >> news:89ABAB98-3CC3-4F6D-A13C-4E10F6EB99A0@microsoft.com...
>> >> > hi all
>> >> >
>> >> > thanks for your comments, could you kindly identify how to check
>> >> > that
>> >> > the
>> >> > DCs are replicating properly. What should I look for.
>> >> >
>> >> > thanks
>> >> >
>> >> > "Andrei Ungureanu" wrote:
>> >> >
>> >> >> Agree. Check the DC that has the PDC role and the replications
>> >> >> between
>> >> >> DCs.
>> >> >>
>> >> >> Andrei Ungureanu
>> >> >>
>> >> >> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a
>> >> >> scris
>> >> >> în
>> >> >> mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
>> >> >> > Howdie!
>> >> >> >
>> >> >> > microsoft schrieb:
>> >> >> >> No GP is defined for password or account policy. However users
>> >> >> >> cannot
>> >> >> >> change their passwords at will. To make matters worse, when I
>> >> >> >> login
>> >> >> >> to
>> >> >> >> the DC and change the password on their behalf, the user is
>> >> >> >> unable
>> >> >> >> to
>> >> >> >> login.
>> >> >> >
>> >> >> > Well, at least the Default Domain Policy has a built-in Password
>> >> >> > Policy
>> >> >> > in
>> >> >> > place. As long as you didn't tweak/delete it, it applies for all
>> >> >> > users.
>> >> >> >
>> >> >> >> Error "Check your username and password and ensure that the
>> >> >> >> domain
>> >> >> >> is
>> >> >> >> correct"
>> >> >> >
>> >> >> > Have you checked connectivity to the domain controller as well as
>> >> >> > the
>> >> >> > connectivity between the DCs? Is replication taking place
>> >> >> > correctly?
>> >> >> > I
>> >> >> > could think of an issue with the pdc chaining on password check.
>> >> >> >
>> >> >> > Cheers,
>> >> >> > Florian
>> >> >> > --
>> >> >> > Microsoft MVP - Group Policy
>> >> >> > eMail: prename [at] frickelsoft [dot] net.
>> >> >> > blog: http://www.frickelsoft.net/blog.
>> >> >> > Maillist (german):
>> >> >> > http://frickelsoft.net/cms/index.php?page=mailingliste
>> >> >>
>> >> >>
>> >>
>>
Re: Password Change - Users unable to login [message #156725 is a reply to message #156724] Wed, 24 June 2009 04:27 Go to previous message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Correction,
ShortCut trust doesn't apply in this context.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"Jorge Silva" <jorgesilva_pt@hotmail.com> wrote in message
news:B68586A7-66D6-48E5-BAF9-3F4C21460471@microsoft.com...
>- Ok, can you check what type of trust it is?
>
> - I'm sorry to stress this, but is important to know if that domain is
> within the same forest or in a different forest, the reason is related to
> metadata clean up "Assuming a domain trust within the same forest". If you
> removed a "dead" DC, and that DC was in a domain tree or child domain in
> the same forest, you need to perform metadata cleanup for the DC and for
> the domain.The KB216498 explains how to do that step-by step.
>
> - If it was a different forest in a different domain, you can simply
> remove the trust in DomainsandTrusts mmc console.
>
> - To check what trust type do you have, please open your Active Directory
> Domains and Trusts mmc console, and under the properties of your domain
> select the trusts tab and check the trust that you have "Trust Type".
>
> -Trust type: External and Forest trusts you may assume that the domain is
> in a different forest, and as I said before you can simply remove it
> "You'll get an error saying that the other side of the trust couldn't be
> contacted, bla,bla,bla"
>
> -Trust type: Parent, Child, Tree, shorcut... Means that you have a trust
> within the same forest and you need to perform metadata cleanup using the
> KB that I provided before.
>
> --
> I hope that the information above helps you.
> Have a Nice day.
>
> Jorge Silva
> MVP Directory Services
> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
> news:C901A85B-44D2-42C1-8ACA-AE50D9F7F318@microsoft.com...
>>I am not sure of the correct terminology - each domain had a separate name
>> space e.g Domain A - Fred.com and Domain B - Bob.com
>>
>> There was a trust between the two domains.
>>
>> Hope this helps
>>
>> "Jorge Silva" wrote:
>>
>>> Ok,
>>> The "extra" domain was in a different forest with a trust or it was in
>>> the
>>> same forest?
>>>
>>> --
>>> I hope that the information above helps you.
>>> Have a Nice day.
>>>
>>> Jorge Silva
>>> MVP Directory Services
>>> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
>>> news:2F0F8692-AEAB-4D29-9059-6DF0E4E58AC8@microsoft.com...
>>> > Hi
>>> >
>>> > I am using the domain\username format
>>> > I have two GC in the domain
>>> > Based on the tools it seems like the domain controllers are
>>> > replicating
>>> > successfully
>>> >
>>> > I removed the pc from the domain and readded it. That seemed to
>>> > resolve
>>> > the
>>> > issue
>>> >
>>> > I was able to login. I will test the resetting of the users password
>>> > from
>>> > the pc and ensure that issue is also resolved.
>>> >
>>> > I had tow domains running in this environment. All of the DCs have
>>> > been
>>> > removed from the previous domain. How can I remove that domain name
>>> > from
>>> > the
>>> > users pc drop down list when they go to login to their computers
>>> >
>>> > Thanks
>>> >
>>> > "Jorge Silva" wrote:
>>> >
>>> >> Forgot to mention,
>>> >> - Are you using UPN format? If yes check if a GC is available.
>>> >> - Are you using domain\username format? Check if you're logging in
>>> >> the
>>> >> correct domain or if you're attempting to do a local login with a
>>> >> domain
>>> >> account.
>>> >>
>>> >> --
>>> >> I hope that the information above helps you.
>>> >> Have a Nice day.
>>> >>
>>> >> Jorge Silva
>>> >> MVP Directory Services
>>> >> "microsoft" <microsoft@discussions.microsoft.com> wrote in message
>>> >> news:89ABAB98-3CC3-4F6D-A13C-4E10F6EB99A0@microsoft.com...
>>> >> > hi all
>>> >> >
>>> >> > thanks for your comments, could you kindly identify how to check
>>> >> > that
>>> >> > the
>>> >> > DCs are replicating properly. What should I look for.
>>> >> >
>>> >> > thanks
>>> >> >
>>> >> > "Andrei Ungureanu" wrote:
>>> >> >
>>> >> >> Agree. Check the DC that has the PDC role and the replications
>>> >> >> between
>>> >> >> DCs.
>>> >> >>
>>> >> >> Andrei Ungureanu
>>> >> >>
>>> >> >> "Florian Frommherz [MVP]" <florian@frickelsoft.DELETETHIS.net> a
>>> >> >> scris
>>> >> >> în
>>> >> >> mesaj news:OUwcG688JHA.4376@TK2MSFTNGP04.phx.gbl...
>>> >> >> > Howdie!
>>> >> >> >
>>> >> >> > microsoft schrieb:
>>> >> >> >> No GP is defined for password or account policy. However users
>>> >> >> >> cannot
>>> >> >> >> change their passwords at will. To make matters worse, when I
>>> >> >> >> login
>>> >> >> >> to
>>> >> >> >> the DC and change the password on their behalf, the user is
>>> >> >> >> unable
>>> >> >> >> to
>>> >> >> >> login.
>>> >> >> >
>>> >> >> > Well, at least the Default Domain Policy has a built-in Password
>>> >> >> > Policy
>>> >> >> > in
>>> >> >> > place. As long as you didn't tweak/delete it, it applies for all
>>> >> >> > users.
>>> >> >> >
>>> >> >> >> Error "Check your username and password and ensure that the
>>> >> >> >> domain
>>> >> >> >> is
>>> >> >> >> correct"
>>> >> >> >
>>> >> >> > Have you checked connectivity to the domain controller as well
>>> >> >> > as
>>> >> >> > the
>>> >> >> > connectivity between the DCs? Is replication taking place
>>> >> >> > correctly?
>>> >> >> > I
>>> >> >> > could think of an issue with the pdc chaining on password check.
>>> >> >> >
>>> >> >> > Cheers,
>>> >> >> > Florian
>>> >> >> > --
>>> >> >> > Microsoft MVP - Group Policy
>>> >> >> > eMail: prename [at] frickelsoft [dot] net.
>>> >> >> > blog: http://www.frickelsoft.net/blog.
>>> >> >> > Maillist (german):
>>> >> >> > http://frickelsoft.net/cms/index.php?page=mailingliste
>>> >> >>
>>> >> >>
>>> >>
>>>
>
Previous Topic:How to backup/restore adam ?
Next Topic:Create Bindable Object in AD
Goto Forum:
  


Current Time: Fri Oct 20 10:06:21 EDT 2017

Total time taken to generate the page: 0.04376 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software