We had a discussion involving this very issue on this list last week - MS has a KB article that describes this: http://support.microsoft.com/?scid=812499 There is a hotfix (referenced in this article), and the fix is included in Win2K SP4. Hope this helps...we're updating all our DCs to SP4 now, so we'll see... Dave
-----Original Message----- From: Carr, Jonathan (OFT) [mailto:[EMAIL PROTECTED] Sent: Thursday, August 07, 2003 6:06 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Password change issue OK here it is... PDC emulator at a central site. DC at a remote site connected to Central site VIA a WAN link have Bridgehead with scheduled replication to remote sites Have GP that has strong password , Max password life 90 days, Min password life 1 days User contacts help desk because they forgot password (password was old123$) and locked their acct Helpdesk at Central site reset acct and password (newpassword new123$)and ck box to have user change password at next logon User logs in with password (new123$) from Help Desk The local Dc does a Pass thru authentication to the PDC emulator which returns a authentication packet to the client PC User gets "Must change password" Dialog box In the dialog box the old password is automatically back filled with the password (new123$) he logon with User enter new password (newer123$)and confirms it. When the user tries to finalize the change password he get blow out by old password not correct. the local dc is trying to commit the password change If the user enters his original password (old123$)(kind of tuff cause he forgot it that is why he called the help desk in the first place) in the old password box and enters a new one (newer123$) He is ok and allowed to go foward. This is really strange I Know why it happens. If you force replication thru out the domain before the user logs on this does not happen but that would be a no no in this place. If change the password on the PDC emulator and the local dc it does not happen. anyone got a valid reason why the client pc does this?? List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/