This article was previously published under Q99313
This article has been archived. It is offered "as is" and will no longer be updated.
If your password expires and undergoes a forced password change, you mustwait for the password to be replicated by the Netlogon service across thedomain. If you do not, any Net Use commands to a backup domain controlleror member server fail because these servers have not had time to receivethe user accounts subsystem update from the primary domain controller.The failure returns an invalid password error, and until the new passwordis validated, you can access the resource only by using the old passwordor by accessing it on the primary domain controller.
The message that prompts you to change your password before it expiresappears at logon. It reads:
NOTE: Your Password Expires in xx days. Use the NET PASSWORD command to change your password.
Password uniqueness is essential for system security; the amount of timea user's password is allowed to exist on the system is controlled by twoparameters:
maximum password age: this places a limit on how much time can elapse after a password is changed before it must be changed again. This is a value between 1 and 49710 days.
minimum password age: this retains a new password for a given length of time, preventing users from changing to one password then changing back to the old one before a specified amount of time elapses. This is a value between 1 and 49710 days, and must be smaller than maximum password age.
The expiration message is captured at logon time and if the maximum agehas been reached, a password change is forced. You are already logged onand connected to other servers, but any Net Use commands you issue to abackup domain controller or member server fails because these servers havenot had time to receive the user accounts subsystem update from theprimary domain controller.