Unable to change domain password when logged in as local user [message #161249] Mon, 21 September 2009 14:17
sixty6nova
I have a relatively small network - 1 file server which is the DC. Server
runs Win2003 and all workstations are Win XP Pro SP3. We have
previously not required password changes, but now will require them
changed every 90 days. I set up the policy, and checked the option on
all the user accounts "user must change password at next logon". This
has worked fine on all the desktops - all of those PCs are members of the
domain. The laptops are another story.

All of the laptops are not members of the domain. They are still
members of the default WORKGROUP that XP creates on installation if you
don't join a domain at that time. I have renamed the local
Administrator account and created its password to match that person's
domain username & password. This way when they are out of the office,
they are logging in locally and do not have to wait for it to search for
the domain, then use a cached domain profile. (some of these users are
rarely in the office). And when they are in the office, since the local
login & password is the same as the domain login & pwd, they can access
domain resources such as printers & file shares without logging in
again.

Now that I have checked "user must change password at next logon" for
all the domain user accounts, this is what happens on the laptops:
Log in to the local PC as normal (since they are on a workgroup, the
option to choose a domain isn't even present in the logon box).
Everything comes up normally, then if you try to open a shared folder,
you get another login box. I enter the username and password, and the
login box just comes back, this time with LOCALPCNAME\username in the
username box. So I've tried changing that to DOMAINNAME\username; login
box just comes back again. I've tried using the fully qualified domain
username (user@something.whatever) and that doesn't work.

Why isn't it letting them login, then asking them to change their
domain password?
Thanks,
Jennifer


--
sixty6nova
------------------------------------------------------------ ------------
sixty6nova's Profile: http://forums.techarena.in/members/137379.htm
View this thread: http://forums.techarena.in/active-directory/1249480.htm

http://forums.techarena.in
Re: Unable to change domain password when logged in as local user [message #161255 is a reply to message #161249] Mon, 21 September 2009 22:11
aceman
"sixty6nova" <sixty6nova.3yvqvb@DoNotSpam.com> wrote in message
news:sixty6nova.3yvqvb@DoNotSpam.com...
>
> I have a relatively small network-1 file server which is the DC. Server
> runs Win2003 and all workstations are Win XP Pro SP3. We have
> previously not required password changes, but now will require them
> changed every 90 days. I set up the policy, and checked the option on
> all the user accounts "user must change password at next logon". This
> has worked fine on all the desktops-all of those PCs are members of the
> domain. The laptops are another story.
>
> All of the laptops are not members of the domain. They are still
> members of the default WORKGROUP that XP creates on installation if you
> don't join a domain at that time. I have renamed the local
> Administrator account and created its password to match that person's
> domain username & password. This way when they are out of the office,
> they are logging in locally and do not have to wait for it to search for
> the domain, then use a cached domain profile. (some of these users are
> rarely in the office). And when they are in the office, since the local
> login & password is the same as the domain login & pwd, they can access
> domain resources such as printers & file shares without logging in
> again.
>
> Now that I have checked "user must change password at next logon" for
> all the domain user accounts, this is what happens on the laptops:
> Log in to the local PC as normal (since they are on a workgroup, the
> option to choose a domain isn't even present in the logon box).
> Everything comes up normally, then if you try to open a shared folder,
> you get another login box. I enter the username and password, and the
> login box just comes back, this time with LOCALPCNAME\username in the
> username box. So i've tried changing that to DOMAINNAME\username; login
> box just comes back again. I've tried using the fully qualified domain
> username (user@something.whatever) and that doesn't work.
>
> Why isn't it letting them login, then asking them to change their
> domain password?
> Thanks,
> Jennifer
>
>
> --
> sixty6nova
> ------------------------------------------------------------ ------------
> sixty6nova's Profile: http://forums.techarena.in/members/137379.htm
> View this thread: http://forums.techarena.in/active-directory/1249480.htm
>
> http://forums.techarena.in
>


The system will not allow a password change when trying to logon to access a
resource (mapped drive, UNC, etc). The user literally must logon to the
domain to do this. It's a security stipulation.

I don't quite agree with the way you have this setup. Honestly, this is the
first I've heard of doing it this way, especially with renaming the local
admin account on a laptop to the user's domain account. I have a customer
with remote clients that are hardly in the office. They would come by every
two months. However, they logon with using a VPN, and they get prompted to
change the password once logged on. Also, users can opt to change their
passwords through OWA.

So I don't fully agree with this solution, and from what you've seen, it's
causing some issues.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: Unable to change domain password when logged in as local user [message #328126 is a reply to message #161255] Thu, 26 November 2009 03:20
day_gg
I think you're complicating things here.

Yes, I too think it a bit unorthodox how you have your setup but to get
round the problem all you need to do is get the laptop users to log on
via one of the PCs on the network. When they log on to a network PC it
will prompt them to change their password.

Then you can revert back to them using their laptops.

You will of course get this issue every 90 days.

One other thing you could try like was mentioned in the last post is to
set them up on a VPN and when they log on via that it will prompt them
to change their password.

Hope this helps :)


--
day_gg
------------------------------------------------------------ ------------
day_gg's Profile: http://forums.techarena.in/members/158358.htm
View this thread: http://forums.techarena.in/active-directory/1249480.htm

http://forums.techarena.in
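
Both replies point out that the change-password prompt only appears at a real domain logon, so users on workgroup laptops get no warning before share access starts failing. The PowerShell below is an added example, not part of any post in this thread: run from a domain-joined machine, it lists enabled accounts that are flagged "must change at next logon" (`pwdLastSet` = 0) or are near expiry. The 90-day age comes from the original post; the 14-day warning window is an assumption.

```powershell
# Added example, not from the thread. Run as a domain user on a domain-joined PC.
$maxAgeDays = 90   # maximum password age stated in the original post
$warnDays   = 14   # assumed warning window
$now        = (Get-Date).ToUniversalTime()

# Enabled user accounts only (bit 0x2 of userAccountControl = ACCOUNTDISABLE).
$filter   = '(&(objectCategory=person)(objectClass=user)' +
            '(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
$searcher = [adsisearcher]$filter
$searcher.PageSize = 500
foreach ($p in 'samaccountname', 'pwdlastset', 'useraccountcontrol') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

$report = foreach ($r in $searcher.FindAll()) {
    $props = $r.Properties
    if (-not $props.Contains('pwdlastset')) { continue }

    $uac = [int]$props['useraccountcontrol'][0]
    if ($uac -band 0x10000) { continue }   # DONT_EXPIRE_PASSWD: expiry does not apply

    $pls = [int64]$props['pwdlastset'][0]
    if ($pls -eq 0) {
        # "User must change password at next logon" is stored as pwdLastSet = 0.
        $state = 'MustChangeAtNextLogon'; $expires = $null
    } else {
        $expires = [DateTime]::FromFileTimeUtc($pls).AddDays($maxAgeDays)
        if     ($expires -le $now)                    { $state = 'Expired' }
        elseif ($expires -le $now.AddDays($warnDays)) { $state = 'ExpiringSoon' }
        else                                          { continue }
    }

    New-Object PSObject -Property @{
        User       = [string]$props['samaccountname'][0]
        State      = $state
        ExpiresUtc = $expires
    }
}

$report | Sort-Object State, User | Format-Table User, State, ExpiresUtc -AutoSize
```

Accounts in any of the three states will be refused when the laptop presents matching local credentials to a share, so these are the users who need a domain logon (on an office PC or over VPN) to set a new password.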