We have windos 2008 R2 domain and windows 7 clients.
I've tested the Fine grained password the past weeks, and today i enabled it for everyone. During next logon users will get a password notification balloon to change their password within 14 days. Works great. No problem.
One issue we have is that the momemt i activate the PSO, users can not connect to our intranet and some webportals.. Users did not get the password expiry notification balloon yet, because the where already logged on. Still they could not use the webportal,
what was no problem minutes before i activate the PSO. If the users changed their password, they then can connect to the webportal.
But like i said, if you already logged on you will get the notification the next time you logon, but meanwhile we can not connect to our intranet..
What could be the problem??? Is it the authentication method with IIS 7???
I don't think that is the solution i'm looking for.. I think you misunderstood my question..
In fact the AD DS Fine-Grained Password works great. Users do get a balloon to change their password. So no problem with that..
But currently if your windows password expires, or the user flag "must change password at next logon" has been set, then authentication simply fails with our webportals. i.e., IIS doesn't have a built-in mechanism for handling changing passwords.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.