- Too frequent password change prompts
- Password change prompts not being made when they are necessary
The global catalog server discovery is not related to the Forefront UAG server domain and is instead based on Site and Forest global catalog placement as determined by round-robin Domain Name System (DNS) ordering.
When Forefront UAG requests the password expiration for a user from a global catalog server, the global catalog server uses the domain password policy from its own domain when it makes this calculation instead of the password policy from the user domain. By design, this is the default Windows behavior and could result in an incorrect password expiration being returned to Forefront UAG. This behavior depends on the password policies that are used and the domain of the user and global catalog server that is being used.
Article ID: 2910517 - Last Review: 27 Nov 2013 - Revision: 1