change password for the first login

[hiisc]

i had set change password in the first login for a user account in active directory user and group. but still when i try to log in from the client, it always show "password is expired" althought i did not set password max/min age for the account.

hope someone can help me.

 

[WillShakespeare]

There are a few things you will need to check. First, is the network profile for logins set (rather than for individual users). Also, the user may have played with local security settings. Check these, too, to make sure password age is not set.

I had this problem with a user who was actually established in the company, rather than from a new account. The way I solved it was by right-clicking on the user account object in AD and manually resetting the password, and ticking the check-box to ask user to change at first login.

Hope some of this helps.

Will

 

[hiisc]

Hi,

Thank for your help but how to check network profile for login set.

 

[WillShakespeare]

Sorry, what I am trying to say is make sure that your domain is using domain security (or a default GPO), rather than no policy set, so that local users can set their own security policies.
Check your Domain Security (GPO). If this shows no expiry, then check the client locally and see if this shows expiry settings. If neither, then likely you have some COM or DCOM processes running that are conficting with the changed password. For this reason, you will need to simply reset the password at the AD Users and Computers level, allowing the change of password at first logon. This will enable the person to change it to their preference.

Hope this helps,

Will

 

[hiisc]

The things is, for example mr.a he requested to change the password for the first login, i set in w2k server, reset password and tick the option change password for the first login. mr.a could change his password successfully with no error, but right after that, he made the same request again and i repeat the same procedure, when he log in, he will get error message "password expired" although all the domain policy had no password expire set. and after wait for 15 minutes, mr. a repeat the same thing again, he will be successful.

weird right?

hiisc

 

[WillShakespeare]

Sounds like a directory replication problem. i.e. the AD has not replicated the information within the time you suggested (15 minutes).
Similar happens here. Whe our policy asks users to change their password, they do so, then log in. Our firewall is set up so that users need to log in with their windows password, before they can access internet.
In our case, when the password has been changed, when you try to log onto the firewall, the message password no valid appears. When you try to use your old password, same thing. After about 10 minutes, it is all set to use the new password.
In answer: Yes... definitely weird!

Will