Remove From My Forums

Don't receive password expired notification

Question
0

Sign in to vote

We have two Windows 2003 servers as domain controllers. Both DCs are GC enabled. The problem is some users never receive password is expired popup when they reboot their computers. Or they don't see the password is about expired notification on the system tray. When I check the event on the DC, I don't see any related errors. What could be the problem.

Bob Lin, MCSE & CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com

Thursday, March 19, 2015 7:49 PM

Answers

0

Sign in to vote
Hi,

Sorry for the delay reply.

What is the OS version for the two computers?

Did you set the policy for warning them of password expiration?

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Interactive logon: Prompt user to change password before expiration

Regards.

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com
- Proposed as answer by Vivian_Wang Tuesday, April 7, 2015 5:57 AM
- Marked as answer by Vivian_Wang Tuesday, April 14, 2015 9:15 AM
Monday, March 30, 2015 2:45 AM
0

Sign in to vote
we found there are 3 Name servers on their DNS server properties. One of them has been removed from the DC/DNS. Removing the
old DC from Name server and active Directory Sites and Services. That fixes the problem. The screenshot can be found here:

DCDIAG /test:DNS has a failure on Windows 2003 DC - Resolution with screenshots

Bob Lin, MCSE & CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com
- Edited by chicagotech Friday, April 17, 2015 8:02 PM
- Marked as answer by Vivian_Wang Wednesday, April 29, 2015 2:53 AM
Friday, April 17, 2015 8:01 PM

All replies

0

Sign in to vote
You can force that with a GPO: https://technet.microsoft.com/en-us/library/ee829687%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Also, you might be interested with the mail notification tip I shared here: http://social.technet.microsoft.com/wiki/contents/articles/23313.notify-active-directory-users-about-password-expiry-using-powershell.aspx
This posting is provided AS IS with no warranties or guarantees , and confers no rights.

Ahmed MALEK

My Website Link
My Linkedin Profile
My MVP Profile
- Proposed as answer by Vivian_Wang Tuesday, March 24, 2015 7:43 AM
Thursday, March 19, 2015 7:54 PM
0

Sign in to vote
Hi,

Did you mean some users, not all the domain users?

Did you set up password policies in Active Directory?

Did you set the policy for warning them of password expiration? Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Interactive logon: Prompt user to change password before expiration

Regards.

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com
- Proposed as answer by Vivian_Wang Tuesday, March 24, 2015 7:43 AM
Friday, March 20, 2015 1:53 AM
0

Sign in to vote
Hello,

if you use OS version higher then Windows XP the warning is just a small icon/message in the right task pane and NOT as in Windows XP with the large pop up. So maybe this is just not recognized.
Best regards

Meinolf Weber

MVP, MCP, MCTS

Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:
- Proposed as answer by Vivian_Wang Tuesday, March 24, 2015 7:44 AM
Friday, March 20, 2015 8:42 AM
0

Sign in to vote

Hi,

Any update about the issue?

Please feel free to let us know if you need further assistance.

Regards.

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

Tuesday, March 24, 2015 7:43 AM
0

Sign in to vote
I am not sure that is the issue. Let me give you example. When the user login his computer, it doesn't say the password is expired and need to change the password. But if I login the same user account in my computer, it says you must change the password. I am waiting for next case and will do more tests.

Bob Lin, MCSE & CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com
- Edited by chicagotech Tuesday, March 24, 2015 8:41 PM
Tuesday, March 24, 2015 8:33 PM
0

Sign in to vote
Hi,

Sorry for the delay reply.

What is the OS version for the two computers?

Did you set the policy for warning them of password expiration?

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Interactive logon: Prompt user to change password before expiration

Regards.

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com
- Proposed as answer by Vivian_Wang Tuesday, April 7, 2015 5:57 AM
- Marked as answer by Vivian_Wang Tuesday, April 14, 2015 9:15 AM
Monday, March 30, 2015 2:45 AM
0

Sign in to vote

Hi,

Any update about the issue?

Regards.

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

Tuesday, April 7, 2015 5:57 AM
0

Sign in to vote

Chicagotech,

in my experience it is always a network issue, basically the network is delayed so that the logon happens while the pc is offline. I bet GPO-s are not applied at logons or you see mapped drives unavailable for a short time.

Sometimes it's just that wifi is built up well after the logon has been thru, or when on cable the ethernet card driver needs an update. Of course, there might be other components in yout network that cause these delays.

---

Jan

Tuesday, April 7, 2015 8:23 AM
0

Sign in to vote

We still have the same issue. Here are more details.

1. We DID set up password policies in Active Directory. This problem happens on ONLY some of workstations.

2. All workstations are running Windows 7.

3. Today I had two more cases. Case 1: Outlook keeps popup for the password and the system tray doesn't show the password expired notification. After logoff and re-login, it asks to change the password. After changing the password, Outlook works.

Case 2: The user can't access any network mapping drives and any domain resources. Net use shows all network mapping drives are disconnected. Net view shows system error 53. Set command shows the logonserver is the DC B. After rebooting the computer, the user can access all network mapping drives. Now, set command shows the logonserver is the DC A.

I feel it is DC/GC or replication issue. In other words, if the computer is using logonserver DC B, the computer doesn't force to change the password and the user can't access the network drives. But the two DCs don't show any related errors in event viewer. dcdiag and netdiag don't have any failed messages. What could be the problem?
Bob Lin, MCSE & CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com

Tuesday, April 7, 2015 8:13 PM
0

Sign in to vote
Chicagotech,

when checking replication I suggest go for REPADMIN or the AD Replication Status tool. Have you tried these?

http://blogs.technet.com/b/askds/archive/2012/08/23/ad-replication-status-tool-is-live.aspx

https://technet.microsoft.com/en-us/library/cc949120%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

---

jan
- Proposed as answer by Vivian_Wang Monday, April 13, 2015 2:41 AM
Wednesday, April 8, 2015 6:22 AM
0

Sign in to vote

Hi,

I just want to confirm what is the current situation.

Please feel free to let us know if you need further assistance.

Regards.

Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

Monday, April 13, 2015 2:42 AM
0

Sign in to vote

Hello,

if you think the DCs are not in sync please use the mentioned tools to check replication between ALL DCs.

For the Windows 7 machines assure that they are prepared with sysprep when created from an image.
Best regards

Meinolf Weber

MVP, MCP, MCTS

Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:

Monday, April 13, 2015 11:01 AM
0

Sign in to vote
we found there are 3 Name servers on their DNS server properties. One of them has been removed from the DC/DNS. Removing the
old DC from Name server and active Directory Sites and Services. That fixes the problem. The screenshot can be found here:

DCDIAG /test:DNS has a failure on Windows 2003 DC - Resolution with screenshots

Bob Lin, MCSE & CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com
- Edited by chicagotech Friday, April 17, 2015 8:02 PM
- Marked as answer by Vivian_Wang Wednesday, April 29, 2015 2:53 AM
Friday, April 17, 2015 8:01 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Don't receive password expired notification

Question

Answers

All replies