User must change password at next logon setting. Typically, you perform this operation on the primary domain controller (PDC) operations master, which may be located in a site that is different from the site that the user is logging on to. Therefore, replication latency may occur, which may cause the symptoms that are described in the preceding section. The following scenario describes this issue:
- The user forgets their password (for example,
password1), and then you reset the password to
- The user in the remote site uses the newly reset password (password2) to log on to their local domain controller (the remote domain controller).
- The remote domain controller does not recognize
password2 as the password (it knows only
password1). The domain controller forwards (chains) the logon request to the PDC operations master.
- The PDC operations master satisfies the logon request, and then passes a message to the remote domain controller that states that the user must change their password.
- This message is passed back to the client computer, which prompts the user to change their password.
- When a user is prompted to change their password, they are asked for the old password and a new password. In this case, the user types the newly reset password (password2) as the old password, and then types a new password.
- The client contacts the remote domain controller again (because this domain controller is in the same site as the client) to change the password. However, the remote domain controller has the password that the user was using at the time that they asked you to reset the password (password1), and does not recognize
password2 as the old password.
- Because password2 is not the correct old password (according to the remote domain controller), the password change operation fails. However, after the newly reset password (password2) is replicated to the remote domain controller, if the user enters password2 when they are prompted to enter the old password, the password change operation is successful.
Article ID: 320325 - Last Review: Jan 7, 2008 - Revision: 1