none
Expired network password

    Question

  • We have a NT Domain with three servers and about 100 users.  The original DC was windows 2000 SP4.  We added a windows 2008 R2 server and turned on the Active Diretory Domain Services.  We also added a windows 2012 server on th domain but have not turned on any server roles for that machine.  We are keeping the windows 2000 server because of legacy software that is not compatible with the new server(s).  We have been running these servers for 2 plus years.  Within the last year sometime, I don't know when, users are having problems changing their passwords when they expire.  I have been unable to find a resolution.  I have seached the internet and found some suggestions.  The first was to lengthen the time windows balloon notification to give users more notice of an expiring password.  I was testing and actually gave the users 40 days advance notice.  I still have a user say she never saw the notification.  I also have a script that will check the users last change date and display a message 9 days prior to expiration.  The problem with this is that the script is on the server and some users are "wireless" so they do not connect to the network until after login  They will sometimes see an error message about not being able to access th script.  The third thing I tried was turning on Network access: Named Pipes that can be accessed anonymously setting in the default domain policy.  I have confirmed that the client (windows 7 professional 32 bit)  sees the group policy setting.  The users (multiple users) are not able to change their passwords when they have expired.  I was able to change my password when it expired, however, I was logged in at the time it expired.  I'm not able to find out why when the password has expired the user cannot change it.  Today I started testing by forcing a user to change their password at net login.  The use is able to begin the login process with the old password.  The notice is given that the password must be changed.  A screen with username, old password and new password boxes is displayed.  The user types in the new password twice.  It looks as if the password is changing but then a message says that the password must be changed before logging on for the first time.  The password is not changed.  The user is stuck in an endless loop.  At this the point, the only option is to change the user's password in AD (as admin).  One more thing, most of the clients are connecting to our LAN wirelessly.  I don't think this is an issue because I have hard-wired the clients and still have the issue.  Can anyone help me resolve this issue?
    Tuesday, August 30, 2016 1:08 PM

Answers