Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password Expiration... Speed?

Status
Not open for further replies.
bran2235

bran2235

IS-IT--Management
Feb 13, 2002
703
US
Hello everyone-

We are about to implement a 'default password policy' which will require all (approx 800) users (in the morning) to change their passwords (roughly) at the same time...

My question:
I've noticed when I've been prompted to change my password, their is a very slow delay after typing my NEW password before my profile loads... Is this normal? Are we asking for trouble haveing all users do this during the same morning?

We have two DCs. All FSMO roles are on the same DC (only have one domain)...


Thanks!
Brandon
 
Sort by date Sort by votes
It stands to reason that 800 users changing passwords at once will generate some traffic specifically against the DC that holds the PDC emulator role (if I am not mistaken). I can't tell how much, but you may want to also add a policy whereby users will be warned 14 days before their next password change in order to avoid constantly time all the time.
 
Upvote 0 Downvote
Just FYI for the conversation:
AD database is read/write on all DCs. It is not an NT model of one Read/Write on the PDC and Read only on BDCs. Each DC will write changes and replicate those changes.

Chances are that 800 users will not be loggin in at the same exact moment. Should not be a problem.

As far as lag time, not sure why that is occuring. It may be normal but don't know enough about your AD to make that determination. i.e. logon scripts, GPO's, size of your SYSVOL, hardware specs of the DCs, Network Speed/duplex, etc...
 
Upvote 0 Downvote
Well, the PW changes will eventually be replicated to the PDC Emulator box, but they will still be processsed by the authenticatng DC. So it may not be as bad as you think, unless everybody authenticates to the same DC at the same time.
 
Upvote 0 Downvote
Thanks-
Again, all FSMO roles are on the same box.
 
Upvote 0 Downvote
FSMO roles can be move to different DCs if you want to share the load. Where they are located should not be a factor for changing your password policy.
We manage 4000+ users on an AD with Three DCs in one site. All our FSMO roles are running on a single server without any issues. Two of the Three DCs are DNS servers.
 
Upvote 0 Downvote
OK, now I feel better Kenny :)

Thanks, everyone!
Brandon
 
Upvote 0 Downvote
Just to check are both DC's global catalog servers? that will enable both to process user logons
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
237
strongm
strongm
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
271
penguinroundup
penguinroundup
TECHMAN007
  • Locked
  • Question
RD Web Password Change
Replies
0
Views
191
TECHMAN007
TECHMAN007
Leozack
  • Locked
  • Question
LOGON SPEED : GPO settings vs script reg import etc
Replies
3
Views
327
Leozack
Leozack
scmoh
  • Locked
  • Question
Password Expire Email Alert
Replies
3
Views
150
disturbedone
disturbedone

Part and Inventory Search

Sponsor

Back
Top