none
Problems with replication of Active Directory password change to Sharepoint 2003

    Question

  • Hi,

    we have a problem when some users change their password Sharepoint 2003 does not replicate the password from Active Directory. And the username/password dialogbox comes up.

    Is there a workaround for this problem? Anyone else have the same problem?

    This is the case for around 10 users now. And the only way to make sharepoint is setting the password back to the old password.

    Appreciate help!

    Thanks,

    Kjetil Tveit

    Monday, January 22, 2007 11:55 AM

All replies

  • Hi Kjetil,

    Are you using SPS2003 or WSS 2.0 (with AD auto creation mode?). If you are running the portal in the same domain as the user, has the user logged out and in again on their local PC? Maybe there is a mismatch with the current logged in user on the PC (old password), the integrated windows authentication and the login in SharePoint (new password).

    - Mart

    Monday, January 22, 2007 1:46 PM
  • Hi Mart,

    we are using SPS2003 and WSS 2.0. How can i check if it is setup with AD auto creation mode? The whole solution is not setup by me, and there is not much documented.

    The portal is running in the same domain as the user, and the user have tried logging in and out. Restarting and so on.
    We also tried deleting cached usernames and passwords in Internet Explorer. And on the local machine.

    Even if the users is able to login with the new username/password, the dialogbox appears again when trying to open a document in the portal. And when he/her starts the Portal in a new window. The site is in the Local Intranet security Zone.

    The strange thing is that this only happends for 5% of the users...

    Monday, January 22, 2007 2:06 PM
  • If you are running portal you will probably not run in AD auto creation mode. Do you know if your are using Kerberos? There is some sort of credential caching mechanism on the client which might cause the problem. I found this, maybe it clears things out:

    Windows Native Credential Cache

    Unlike the MIT implementation, the Windows Kerberos implementation uses an in-memory credential cache to store Kerberos tickets and TGTs (the MIT implementation uses a disk file). The implementation is stored in non-paged memory so it is never written to disk. Microsoft provides routines to obtain credentials from this cache through their Local Security Authority API (LSA API).

     

    Monday, January 22, 2007 2:39 PM