Here's a link to a thread from last week, talking about the pros and cons of one particular solution to this problem (write the password and intruder attributes to multiple DCs at a time):
http://www.mail-archive.com/[EMAIL PROTECTED]/msg08132.html Cheers, -- Idan On Thu, 7 Aug 2003, Carr, Jonathan (OFT) wrote: > OK here it is... > > > PDC emulator at a central site. > DC at a remote site connected to Central site VIA a WAN link > have Bridgehead with scheduled replication to remote sites > Have GP that has strong password , Max password life 90 days, Min password > life 1 days > > User contacts help desk because they forgot password (password was old123$) > and locked their acct > Helpdesk at Central site reset acct and password (newpassword new123$)and ck > box to have user change password at next logon > User logs in with password (new123$) from Help Desk > The local Dc does a Pass thru authentication to the PDC emulator > which returns a authentication packet to the client PC > User gets "Must change password" Dialog box > In the dialog box the old password is automatically back filled with > the password (new123$) he logon with > User enter new password (newer123$)and confirms it. > When the user tries to finalize the change password he get blow out by old > password not correct. > the local dc is trying to commit the password change > If the user enters his original password (old123$)(kind of tuff cause he > forgot it that is why he called the help desk in the first place) in the old > password box and enters a new one (newer123$) He is ok and allowed to go > foward. > > > This is really strange I Know why it happens. > > If you force replication thru out the domain before the user logs on this > does not happen but that would be a no no in this place. > > If change the password on the PDC emulator and the local dc it does not > happen. > > > anyone got a valid reason why the client pc does this?? > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/