Well, holy mackerel! I found it!
I used "usdmzdc01p.dmz.example.com\kurt-dmz", and the password change took! Couldn't use the bare domain, had to specify the DC.

It's only noon, and I've solved a real problem.

Kurt

On Thu, Feb 18, 2016 at 11:55 AM, Miller Bonnie L. <[email protected]> wrote:
> Yep, that is what I meant both domain\username and [email protected].
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
> Sent: Thursday, February 18, 2016 10:41 AM
> To: ntsysadm <[email protected]>
> Subject: Re: [NTSysADM] My ignorance is showing again...
>
> Not sure what you mean - but let me show what I've tried:
>
> The DMZ forest is dmz.example.com, while production is example.com (don't
> yell, I didn't set up the DMZ forest). I press ALT+CTRL+DEL on my machine in
> the production forest, and select "Change a password" (I'm running Win8.1),
> then type in the ID and old password and new password in the relevant fields.
>
> For the ID, I've tried [email protected], [email protected],
> dmz.example.com\kurt-dmz and dmz.example\kurt-dmz, and get the same error
> message in all cases.
>
> I've also tried using the name of the DC - [email protected] - and get the
> same error message.
>
> Kurt
>
> On Thu, Feb 18, 2016 at 7:53 AM, Miller Bonnie L. <[email protected]> wrote:
>> Do you get the same results with netbios vs UPN logon?
>>
>> -Bonnie
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff
>> Sent: Wednesday, February 17, 2016 1:41 PM
>> To: ntsysadm <[email protected]>
>> Subject: [NTSysADM] My ignorance is showing again...
>>
>> We have two separate, untrusted forests - DMZ and production.
>>
>> Production is at DFL/FFL 2008.
>> DMZ is at DFL/FFL 2012R2
>>
>> I changed a password for an account in the DMZ forest, setting it to require
>> change at next logon.
>>
>> User cannot RDP from machine in production forest to machine in DMZ forest
>> because the password must be changed first.
>>
>> User cannot change password on machine in production forest for
>> account in DMZ forest using ALT+CTRL+DEL, because he's getting the
>> message:
>>
>> "configuration information could not be read from the domain controller,
>> either because the machine is unavailable, or access has been denied."
>>
>> I know I can unset the requirement to change the password at next logon, but
>> that seems silly, because then I can't enforce having him change it without
>> standing over his shoulder while he does it.
>>
>> How the heck can I do this? I've tried with my own user accounts, and have
>> confirmed the problem.
>>
>> Kurt
