Re: "You are not authorized to change your password at this time"

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/25/04 

Date: Thu, 25 Nov 2004 01:59:24 GMT

Maybe it is a connectivity problem with finding a domain controller or
staying connected to it and depending on the operating system, such as
downlevel clients, they may need to contact the pdc fsmo. The netdiag
support tool would help if run on a domain computer [W2K/XP pro] from the
remote site to see if the computer has proper connectivity and name
resolution to the domain. Also check Event Viewer on the problem computers
for any clues and enable auditing for account logon and account management
in Domain Controller Security Policy which may provide clues via recorded
events when this happens. A simple ping from the remote site to domain
controllers using their fully qualified domain names may also be worthwhile.
Users can have their accounts configured to not allow the user to change
their password in AD Users and Computers if you have not check that
t. --- Steve

"Mike Matheny" <tmatheny@emsdotjscdotnasadotgov> wrote in message
news:O6Bpoom0EHA.2624@TK2MSFTNGP11.phx.gbl...
> AD domain mixed mode - users off-site via T-1, no DC on site. Everyone
> gets this error when prompted to change their password at logon, some get
> it trying to change the password after logon. Complex passwords enforced -
> even using a completely different password doesn't work.
>
> Any ideas would be awesomely appreciated.
>
> --
>
> Mike Matheny
>
>
>

Relevant Pages

  • Re: active directory replication
    ... Domain Controller Diagnosis ... Starting test: Connectivity ... replicas and are not verifiably latent, or dc's no longer replicating this ... can replicate the directory partition over this ...
    (microsoft.public.windows.server.active_directory)
  • RE: REPOST - Site Design
    ... Server 2003 is the additional Domain Controller in Windows SBS 2003 domain. ... relative cost of connectivity between sites to further optimize replication. ...
    (microsoft.public.windows.server.sbs)
  • Re: Replication errors - NTDS KCC
    ... EventID 1925 is connectivity related problems: ... Attempt to establish a replication link failed due to ... following directory partition. ... Add a Connection object to a domain controller that contains the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Not able to add an admin account
    ... > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA ... >> Sounds like your Citrix server has lost connectivity to your Domain and it ... >> as a domain admin to see if it has the connectivity. ... >>> individual accounts from the Domain controller. ...
    (microsoft.public.win2000.active_directory)
  • Re: Sharing a USB printer
    ... I'm working on a network for a client that has a Xerox Phaser and Samsung ML-1740 laser printer both USB connected; they can be shared but cannot be connected to. ... I was hoping the problem would be a bi-directional setting in the driver like on the old desk jet printers I can't find any useful article in the MS KB and even less on the Samsung and Xerox support sites. ... To start with there was a rights issue which I have resolved but this connectivity problem has me stumped. ...
    (microsoft.public.windowsxp.general)