none
New Domain account Users password must be changed before signing in

    Question

  • Hello

    After i create a new domain user account in the AD , i define a temp password and check the flag user must change password in next login , and when i go to windows 8.1 it accepts fine the tmp password, and asks to input a new password ,after putting the password allowd by the group policy requirements it says  :  The users password must be changed before signing in , it works fine with previous versions of windows , this issue started when we started to add windows 8 and windows 8.1 clients for tests , the only workarround we could see is not to put the flag users must change their password next login , they had to come to an admins computer and add their password directly into AD.


    Monday, October 28, 2013 12:21 PM

All replies

  • Hi Andre,

    We will set up an environment to test this issue, and will let you know as soon as we get an outcome.

    Thank you for your patience.

    Best Regards,

    Amy Wang

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forum a great place.

    Wednesday, October 30, 2013 9:27 AM
    Moderator
  • When you create the new user, do you set the password to be changed at next logon immediately?  Or do you create the user and then go back and reset the password to a new value?  If it is the second optin then it sounds like the password history doesn't allow the user password to change for at least one day.


    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Wednesday, October 30, 2013 11:56 AM
    Moderator
  • Hi Andre,

    I apologize for the delay.

    We have tested this issue on both Windows 8 and Windows 8.1 machines, the result is that test user can successfully login after changed its password.

    The statement “The user’s password must be changed before signing in” appeared once after we input the first password. After we changed password, “ Your password has been changed” displayed on the screen, and we can login successfully after pressed Enter.

    Please make sure that you have installed all the important packages on the machines.

    If the problem still persists, would you please post out the screenshots of the failed login? There might be some error messages for us troubleshooting this issue.

    Best Regards,

    Amy Wang

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forum a great place.

    Monday, November 04, 2013 2:23 AM
    Moderator
  • Hi Andre,

    Do you have any progresses on this issue now?

    Please let us know the latest situation, so we could help you solve the issue efficiently.

    Best Regards,

    Amy Wang

    Monday, November 11, 2013 1:27 AM
    Moderator
  • Hello , 

    we tought the problem was solved because yesterday after a few updates it worked , but the same laptop that worked yesterday now doesn't work ,  but there is another pc that is working ... ( both pc have all updates of the OS )

    We have 2 servers that act as domain controlers , one uses 2003 server , the other 2008 r2 , could it be that when they contact the 2003 server due to its older OS it could cause this issue ??? , 

    The accounts are created with the flag already ,that user must change password (and we tried without the flag and then went in to put it to see if it help , still nothing )- in response to Paul Bergson , 

    I made a video o the issue so you guys can see , but there is no error message so i could investigate .

    Private Video - http://www.youtube.com/watch?v=gGEVqy3V3EM&feature=youtu.be 


    • Edited by Andre Cavaco Thursday, November 14, 2013 10:37 AM
    Thursday, November 14, 2013 10:25 AM
  • Can you look in the Security Event Logs on both the client and DC to see if you are getting any errors.  This is very unusual.  The version of the DC should make no difference.

    You could run diagnostics to see if there are any errors.
    http://blogs.dirteam.com/blogs/paulbergson/archive/2009/01/26/troubleshooting-active-directory-issues.aspx


    --
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs
    http://blogs.dirteam.com/blogs/paulbergson

    Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, November 14, 2013 12:48 PM
    Moderator
  • Thursday, November 14, 2013 2:46 PM
  • Hi Alex, hi Amy,

    we have the same problem (“The user’s password must be changed before signing in” in the loop) in a Domain with function level 2003 (3 DCs) with Windows 8 and Windows 8.1-Clients. But sometimes it works. On my Test-VM with Windows 8 today it is all ok and tomorrow it dosn't work.

    On Windows XP and 2003 Systems the problem never occure.

    Is it possible to activate a verbose logging or somethin else?

    Best regards

    Daniel

    Saturday, November 16, 2013 11:19 PM
  • Hi

    We have the same problem.

    -------------------------------------------------------------------------------------------------

    After i create a new domain user account in the AD , i define a temp password and check the flag user must change password in next login , and when i go to windows 8.1 it accepts fine the tmp password, and asks to input a new password ,after putting the password allowd by the group policy requirements it says  :  The users password must be changed before signing in , it works fine with previous versions of windows , this issue started when we started to add windows 8 and windows 8.1 clients for tests , the only workarround we could see is not to put the flag users must change their password next login , they had to come to an admins computer and add their password directly into AD.

    -----------------------------------------------------------------------------------

    Our  environment consist of Windows 8.1 with Windows 2003/2008 DC

    Any updates on this?


    Thomas Z

    Wednesday, January 08, 2014 11:54 AM
  • Hi guys.

    In case someone doesn't know - it's a bug for 2003 DC and the hotfix is coming in March this year

    Windows 8.1 cannot change password in Windows 2003 domain level domain

    Friday, February 21, 2014 1:35 PM