![]() I found out, that group policy modeling shows different configurations for different users. What could I try to find out why the users cannot change their passwords? Output of net accounts Force user logoff how long after time expires?: Never Output of net user /domain Myuser User name cardm004 User can not change password = $false, etc. Everyone has the right to change the password. The security descriptor of the user account looks quite ok. Set-ADAccountPassword on a domain controller didn't work either. ![]() The user still could not change his PW after I created a PSO for him, with config that should work. Only thing I saw was the setting EveryoneIncludesAnonymous = 0. I checked it with a domain where everything works. ![]() Password provider on PDC: I read that you can use custom password providers via registry. history is set to 5, but irrelevant in this case (tried different passwords).There is only the default domain policy with password settings in it. This is however not true, when:Ī) An Administrator resets to a new password orī) the user had the flag "must reset password at logon" At one of my customer's child domains, he has the problem that a number of (looks like) random users can not change their password due to "complexity blah blah".
0 Comments
Leave a Reply. |