AD users cannot change password

[derson]

i am running win2k sp3 and use a gp that makes users change passwords every 30 days however the user is offered the chance to change the password 14 days before but when trys to change gets message domain cntroller no availible????? users are runnung win2kpro/xp pro mix
many thnaks in advance
derson

"Computer games don't affect kids; I mean, if Pac-Man affected us as
kids, we'd all be running around in darkened rooms, munching magic pills
and listening to repetitive electronic music."

Kristian Wilson, Nintendo, Inc, 1989

 

[SelbyGlenn]

Need a bit more information here Kristian:

Are you running in mixed mode or native mode? How many DC's are there? Are they all global catalog servers?

Glenn
BEng MCSE CCA

 

[paul123456]

The answer to your question is the anonymous logon..you probably set it to zero or had a lock down utility do it for you.

Thanks, PAUL

 

[derson]

thanks for getting back..native mode 2 dc's one global cat server paul sorry anonymous logon is that in the GP settings and what should it be?
thanks again
derson

"Computer games don't affect kids; I mean, if Pac-Man affected us as
kids, we'd all be running around in darkened rooms, munching magic pills
and listening to repetitive electronic music."

 

[de1458]

I don't have an answer for your question, just wondering what client OS are they? I found that if the user logging into a win2k/xp they can change password, if logging into a win9x machine they cannot change password event with the ad client install on those machine, you might want to give a try

 

[paul123456]

does the msg say this??

You do not have permission to change your password.

-or-

Unable to change the password on this account (C00000BE). Please consult your system administrator.


if so to work around this problem, remove the RestrictAnonymous entry or set the value to 0, and then restart the PDC.

Thanks, PAUL

 

[derson]

paul msg is "unable to contact domain controller" and clients are win2k/xp
many thnaks
derson

"Computer games don't affect kids; I mean, if Pac-Man affected us as
kids, we'd all be running around in darkened rooms, munching magic pills
and listening to repetitive electronic music."

 

[juruk]

I am getting the same error message when user tries to change the password “unable to contact the domain controller”. Any help appreciated.

 

[Stiddy]

Thsi may sound a little junior and something that you probably already checked, but I recently had the same problem. Lets say UserA logs on to a machine, does work, logs off. Now the default domain name is that of YOUR DOMAIN NAME. See, most of the time a user just sits down and logs on not thinking to click the dropdown box for what ever domain he/she wants to logon to. It has been my experience that if the Dropdown box for the domain name is blank and userA logs on, well that computer has a way of seeking out what domain UserA belongs too, I could explain but you probably already know, then once logged on and they recieve the message to change password they begin to type their old password, then the new one twice, but never remember to click the drop down box for the domain they want to change their password on.


I know it sounds unlikely that you overlokked such a small thing, but that may be it. It is not the users fault, they should not have to be concerned with things like that. The way I fixed it was a simple reg hack I pushed out via perl script.


reg update "HKLM\software\microsoft\windows NT\currentversion\winlogon\DefaultDomainName=YourDomainsName" \\everyworkstation

 

[paul123456]

what OS are your clients running?? also make sure! make sure that dns is pointing to the server on the clients

Thanks, PAUL

 

[derson]

stiddy good call but no they are using the correct domain and paul the clients are win2kpro/xp pro dns entries are for local; dns servers and gateway (firewall)
many thanks
derson

"Computer games don't affect kids; I mean, if Pac-Man affected us as
kids, we'd all be running around in darkened rooms, munching magic pills
and listening to repetitive electronic music."

 

[ricpinto]

This thread is also a can't change a password issue. See if it's related. thread96-550069

 

[lwinstead]

AH HA! I, for my network, have figured it out!!

Quick background: I was having the same problem today. I had, in the past, rebuilt our Win2k Advanced Server (Domain Controller). Before that, NT users could change their passwords just peachy. What's different now? The PDC name, for one. Secondly, its my diagnosis that the problem computers were looking to an LMHOSTS file for name resolution. All I did was simply tell them to stop looking at an LMHOSTS file (if they really were using one, it'd be WRONG now...) and just use DNS for name resolution. Saved changes and then rebooted and all is well! My NT users can now change their passwords off those problem computers.

I hope this helps others, because stuff like this just isn't documented well enough!

<<<<[flux]>>>>

 

[derson]

THANKS VMUCH ALL WORKS NOW CHEERS
DERSON

&quot;Computer games don't affect kids; I mean, if Pac-Man affected us as
kids, we'd all be running around in darkened rooms, munching magic pills
and listening to repetitive electronic music.&quot;