List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is read-only, so to contribute you will need to join our list community.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

Subject: [ActiveDir] Password policy change
jfigueroa
08/26/2005 4:35 AM
Good morning folks, yesterday I changed the domain password security to
retain password history for 5 passwords and the password can not be
changed for one day.

Our help desk used to set passwords to a default value when they got a
call from a user and then tell the user to change it to something they
want. It looks like that is not working for them.

Is there any way around this?

Thanks

Johnny Figueroa
Enterprise Network Consultant/Integrator
Network Services Banner Health Voice (602)
495-4195 Fax (602) 495-4406

WARNING: This message, and any attachments, are intended only for the
use of the individual or entity to which it is addressed and may contain
information that is privileged, confidential and exempt from disclosure
under applicable law. If the reader of this message is not the intended
recipient or employee/agent responsible for delivering the message to
the intended recipient, you are hereby notified that any dissemination,
distribution or copying of the communication is strictly prohibited. If
you receive this communication in error, please notify us immediately

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
AD000001365
08/26/2005 4:42 AM
Not if you keep the "password can not be changed for one day". Unless you
have the user come to your helpdesk and change it through the admin tool.
Otherwise they will not be able to change their password because the Age
is not past 24 hours.



-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Figueroa,
Johnny
Sent: Friday, August 26, 2005 12:34 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Password policy change
Good morning folks, yesterday I changed the domain password security to
retain password history for 5 passwords and the password can not be
changed for one day.

Our help desk used to set passwords to a default value when they got a
call from a user and then tell the user to change it to something they
want. It looks like that is not working for them

Is there anyway around this ?

Thanks

Johnny Figueroa
Enterprise Network Consultant/Integrator Network Services Banner Health
Voice (602)
495-4195 Fax (602) 495-4406

deji
08/26/2005 4:46 AM
Which part is "not working" and how is it "not working"?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

________________________________

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
Sent: Fri 8/26/2005 9:34 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Password policy change


Good morning folks, yesterday I changed the domain password security to
retain password history for 5 passwords and the password can not be
changed for one day.

Our help desk used to set passwords to a default value when they got a
call from a user and then tell the user to change it to something they
want. It looks like that is not working for them

Is there anyway around this ?

Thanks

Johnny Figueroa
Enterprise Network Consultant/Integrator
Network Services Banner Health Voice (602)
495-4195 Fax (602) 495-4406

jfigueroa
08/26/2005 5:05 AM
Help desk sets the password to something "something", tells the user to change their password to whatever they want it to be and the user can not. I thought about having the HD check the box that makes it so the user has to change the password the next time they log in but I think that would effectively lock out the OWA only users.

The point is that the HD gets the user going by setting the password to something generic, then the user is supposed to change it to whatever they want to keep.
Thanks

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
Sent: Friday, August 26, 2005 9:45 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Password policy change

Which part is "not working" and how is it "not working"?


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

________________________________

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
Sent: Fri 8/26/2005 9:34 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Password policy change


Good morning folks, yesterday I changed the domain password security to retain password history for 5 passwords and the password can not be changed for one day.

Our help desk used to set passwords to a default value when they got a call from a user and then tell the user to change it to something they want. It looks like that is not working for them

Is there anyway around this ?

Thanks

Johnny Figueroa
Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602)
495-4195 Fax (602) 495-4406

AD00000928
08/26/2005 5:11 AM
The HD needs to make their change 24 hours before they let the user
know that the account is ready.
-ASB
FAST, CHEAP, SECURE: Pick Any TWO
http://www.ultratech-llc.com/KB/
On 8/26/05, Figueroa, Johnny wrote:
>
> Help desk sets the password to something "something", tells the user to change their password to whatever they want it to be and the user can not. I thought about having the HD check the box that makes it so the user has to change the password the next time they log in but I think that would effectively lock out the OWA only users.
>
> The point is that the HD gets the user going by setting the password to something generic, then the user is supposed to change it to whatever they want to keep.
>
>
> Thanks
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
> Sent: Friday, August 26, 2005 9:45 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Password policy change
>
> Which part is "not working" and how is it "not working"?
>
>
> Sincerely,
>
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
> Sent: Fri 8/26/2005 9:34 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Password policy change
>
>
>
>
> Good morning folks, yesterday I changed the domain password security to retain password history for 5 passwords and the password can not be changed for one day.
>
> Our help desk used to set passwords to a default value when they got a call from a user and then tell the user to change it to something they want. It looks like that is not working for them
>
> Is there anyway around this ?
>
> Thanks
>
> Johnny Figueroa
deji
08/26/2005 5:18 AM
As others have pointed out, modify your policy to remove the 24-hour (one
day) restriction.


Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

________________________________

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
Sent: Fri 8/26/2005 9:56 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Password policy change


Help desk sets the password to something "something", tells the user to change
their password to whatever they want it to be and the user can not. I thought
about having the HD check the box that makes it so the user has to change the
password the next time they log in but I think that would effectively lock
out the OWA only users.

The point is that the HD gets the user going by setting the password to
something generic, then the user is supposed to change it to whatever they
want to keep.
Thanks

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
Sent: Friday, August 26, 2005 9:45 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Password policy change

Which part is "not working" and how is it "not working"?
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

________________________________

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
Sent: Fri 8/26/2005 9:34 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Password policy change


Good morning folks, yesterday I changed the domain password security to
retain password history for 5 passwords and the password can not be changed
for one day.

Our help desk used to set passwords to a default value when they got a call
from a user and then tell the user to change it to something they want. It
looks like that is not working for them

Is there anyway around this ?

Thanks

Johnny Figueroa
Enterprise Network Consultant/Integrator Network Services Banner Health Voice
(602)
495-4195 Fax (602) 495-4406

prenouf
08/26/2005 5:28 AM
Like Jeff said, if you keep the "Password can not be changed for 1
day" setting then this will not work. The helpdesk changing the
password means that it can not be changed again for the next 24 hours.
In your scenario the users will have to wait 24 hours to change their
password, or you will need to turn that option off.

Phil

On 8/26/05, Figueroa, Johnny wrote:
>
> Help desk sets the password to something "something", tells the user to change their password to whatever they want it to be and the user can not. I thought about having the HD check the box that makes it so the user has to change the password the next time they log in but I think that would effectively lock out the OWA only users.
>
> The point is that the HD gets the user going by setting the password to something generic, then the user is supposed to change it to whatever they want to keep.
>
>
> Thanks
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
> Sent: Friday, August 26, 2005 9:45 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Password policy change
>
> Which part is "not working" and how is it "not working"?
>
>
> Sincerely,
>
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
> Sent: Fri 8/26/2005 9:34 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Password policy change
>
>
>
>
> Good morning folks, yesterday I changed the domain password security to retain password history for 5 passwords and the password can not be changed for one day.
>
> Our help desk used to set passwords to a default value when they got a call from a user and then tell the user to change it to something they want. It looks like that is not working for them
>
> Is there anyway around this ?
>
> Thanks
>
> Johnny Figueroa
> Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602)
> 495-4195 Fax (602) 495-4406
>
jfigueroa
08/26/2005 5:39 AM
Thank you all, just wanted to ask the geniuses before I closed the door on it.

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Phil Renouf
Sent: Friday, August 26, 2005 10:23 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Password policy change

Like Jeff said, if you keep the "Password can not be changed for 1 day" setting then this will not work. The helpdesk changing the password means that it can not be changed again for the next 24 hours.
In your scenario the users will have to wait 24 hours to change their password, or you will need to turn that option off.

Phil

On 8/26/05, Figueroa, Johnny wrote:
>
> Help desk sets the password to something "something", tells the user to change their password to whatever they want it to be and the user can not. I thought about having the HD check the box that makes it so the user has to change the password the next time they log in but I think that would effectively lock out the OWA only users.
>
> The point is that the HD gets the user going by setting the password to something generic, then the user is supposed to change it to whatever they want to keep.
>
>
> Thanks
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of
> deji@xxxxxxxxxxxxxx
> Sent: Friday, August 26, 2005 9:45 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Password policy change
>
> Which part is "not working" and how is it "not working"?
>
>
> Sincerely,
>
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
> Sent: Fri 8/26/2005 9:34 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Password policy change
>
>
>
>
> Good morning folks, yesterday I changed the domain password security to retain password history for 5 passwords and the password can not be changed for one day.
>
> Our help desk used to set passwords to a default value when they got a
> call from a user and then tell the user to change it to something they
> want. It looks like that is not working for them
>
> Is there anyway around this ?
>
> Thanks
>
> Johnny Figueroa
> Enterprise Network Consultant/Integrator Network Services Banner
> Health Voice (602)
> 495-4195 Fax (602) 495-4406
>
jfigueroa
08/26/2005 10:40 AM
I mean, if I use the check box to "user must change password at next logon" our users whose only way into the domain is OWA will not prompt them to change their password... Unless I am missing something.

Thanks

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of SysPro Support
Sent: Friday, August 26, 2005 3:19 PM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Password policy change

Johnny,

We do exactly what you suggest, change the password and set the "user must change password at next logon" and they are able to change it, even within the "password cannot be changed period".

What do you mean by "that would effectively lock out the OWA only users"?
Alan Cuthbertson
Policy Management Software:-
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
ADM Template Editor:-
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
Policy Log Reporter(Free)
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml

----- Original Message -----
From: "Figueroa, Johnny"
To:
Sent: Saturday, August 27, 2005 2:56 AM
Subject: RE: [ActiveDir] Password policy change

Help desk sets the password to something "something", tells the user to
change their password to whatever they want it to be and the user can not. I
thought about having the HD check the box that makes it so the user has to
change the password the next time they log in but I think that would
effectively lock out the OWA only users.

The point is that the HD gets the user going by setting the password to
something generic, then the user is supposed to change it to whatever they
want to keep.
Thanks

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
Sent: Friday, August 26, 2005 9:45 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Password policy change

Which part is "not working" and how is it "not working"?
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

________________________________

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
Sent: Fri 8/26/2005 9:34 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Password policy change


Good morning folks, yesterday I changed the domain password security to
retain password history for 5 passwords and the password can not be changed
for one day.

Our help desk used to set passwords to a default value when they got a call
from a user and then tell the user to change it to something they want. It
looks like that is not working for them

Is there anyway around this ?

Thanks

Johnny Figueroa
Enterprise Network Consultant/Integrator Network Services Banner Health
Voice (602)
495-4195 Fax (602) 495-4406

AD00000777
08/26/2005 10:49 AM
Johnny,

We do exactly what you suggest, change the password and set the "user must
change password at next logon" and they are able to change it, even within
the "password cannot be changed period".

What do you mean by "that would effectively lock out the OWA only users"?
Alan Cuthbertson
Policy Management Software:-
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
ADM Template Editor:-
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
Policy Log Reporter(Free)
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml

----- Original Message -----
From: "Figueroa, Johnny"
To:
Sent: Saturday, August 27, 2005 2:56 AM
Subject: RE: [ActiveDir] Password policy change

Help desk sets the password to something "something", tells the user to
change their password to whatever they want it to be and the user can not. I
thought about having the HD check the box that makes it so the user has to
change the password the next time they log in but I think that would
effectively lock out the OWA only users.

The point is that the HD gets the user going by setting the password to
something generic, then the user is supposed to change it to whatever they
want to keep.
Thanks

-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
Sent: Friday, August 26, 2005 9:45 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Password policy change

Which part is "not working" and how is it "not working"?
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon

________________________________

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
Sent: Fri 8/26/2005 9:34 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] Password policy change


Good morning folks, yesterday I changed the domain password security to
retain password history for 5 passwords and the password can not be changed
for one day.

Our help desk used to set passwords to a default value when they got a call
from a user and then tell the user to change it to something they want. It
looks like that is not working for them

Is there anyway around this ?

Thanks

Johnny Figueroa
Enterprise Network Consultant/Integrator Network Services Banner Health
Voice (602)
495-4195 Fax (602) 495-4406

aaron_visser@xxxx.yyy

08/26/2005 10:58 AM  
I think he wants to know what is OWA or at least I want to know :)

On 8/26/05 3:39 PM, "Figueroa, Johnny"
wrote:

>
> I mean, if I use the check box to "user must change password at next logon"
> our users whose only way into the domain is OWA will not prompt them to change
> their password... Unless I am missing something.
>
> Thanks
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of SysPro Support
> Sent: Friday, August 26, 2005 3:19 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: Re: [ActiveDir] Password policy change
>
> Johnny,
>
> We do exactly what you suggest, change the password and set the "user must
> change password at next logon" and they are able to change it, even within the
> "password cannot be changed period".
>
> What do you mean by "that would effectively lock out the OWA only users"?
>
>
> Alan Cuthbertson
>
>
> Policy Management Software:-
> http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
> ADM Template Editor:-
> http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
> Policy Log Reporter(Free)
> http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
>
>
>
> ----- Original Message -----
> From: "Figueroa, Johnny"
> To:
> Sent: Saturday, August 27, 2005 2:56 AM
> Subject: RE: [ActiveDir] Password policy change
>
>
>
> Help desk sets the password to something "something", tells the user to
> change their password to whatever they want it to be and the user can not. I
> thought about having the HD check the box that makes it so the user has to
> change the password the next time they log in but I think that would
> effectively lock out the OWA only users.
>
> The point is that the HD gets the user going by setting the password to
> something generic, then the user is supposed to change it to whatever they
> want to keep.
>
>
> Thanks
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
> Sent: Friday, August 26, 2005 9:45 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Password policy change
>
> Which part is "not working" and how is it "not working"?
>
>
> Sincerely,
>
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
> Sent: Fri 8/26/2005 9:34 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Password policy change
>
>
>
>
> Good morning folks, yesterday I changed the domain password security to
> retain password history for 5 passwords and the password can not be changed
> for one day.
>
> Our help desk used to set passwords to a default value when they got a call
> from a user and then tell the user to change it to something they want. It
> looks like that is not working for them
>
> Is there any way around this?
>
> Thanks
>
> Johnny Figueroa
> Enterprise Network Consultant/Integrator Network Services Banner Health
> Voice (602)
> 495-4195 Fax (602) 495-4406
>
aaron_visser@xxxx.yyy

08/26/2005 11:00 AM  
Nevermind OWA = Outlook Web Access
AD00000777User is Offline

Posts:0

08/27/2005 4:11 AM  
You're right Aaron, I didn't know what it meant!

I am not an Outlook sort of person (we use Notes...), but the inferred
statement surprises me. It suggests that if the "must change password" is
set, you can't logon to Outlook Web Access.

This would suggest that forcing users to change password after (say) 28 days
is also a no-no.

And, it would also suggest that Outlook Web Access won't let you change your
password. If it did, it would surely allow you to logon, then require you to
change the password before you do anything.

This all seems unlikely, given Microsoft's recommended use of forcing
password changes on a regular basis and forcing users to change a password
when a new user is created.

If it is all true, maybe you have to provide some way that the users can go
to a Citrix portal and change their password there, then go back and use
Outlook Web Access.

Alan Cuthbertson
Policy Management Software:-
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
ADM Template Editor:-
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
Policy Log Reporter(Free)
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml


listmailUser is Offline

Posts:497

08/27/2005 6:17 AM  
Yep, OWA is Outlook Web Access. If you haven't seen it, it is gorgeous in
Exchange 2003. It looks almost exactly like Outlook. Unfortunately, if your
password is expired (forced or otherwise) you aren't getting into OWA. I
also don't believe it has a password change function if you just want to go
and change it, but that could be something that could be enabled.
Alternatively you set up another web page to do it.

As for the OP's original issue. It all comes down to implementation. You told
the system to not allow people to change the password if the password age
was less than one day and then were confused when it did exactly that. The
reason for it is that there is one attribute for password age, pwdLastSet,
and it doesn't distinguish between a helpdesk set operation or a normal
password change, they are both password changes and you only want one day
between every change. The proper way to handle that case is to force the
users to change their password on next logon (which sets the pwdLastSet to
0), but as you know, that will kill OWA users. So you either need another
process to follow for OWA only users, install some third party or custom
in-house tool, or drop the minimum password aging.

joe
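
The pwdLastSet behaviour described in this post, worked through as an added example (not code from the thread or from Microsoft): a small Python model, using constructed accounts and timestamps, of a help-desk reset with and without the "user must change password at next logon" flag under a one-day minimum password age. The function names are hypothetical, and the OWA outcome is taken from the posts in this thread rather than from a live Exchange server.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# pwdLastSet is a FILETIME: 100-nanosecond intervals since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# minPwdAge is stored as a negative count of 100-ns intervals; this is one day.
MIN_PWD_AGE_ONE_DAY = -864_000_000_000


def to_filetime(moment):
    """datetime -> 100-ns intervals since 1601-01-01 UTC."""
    return ((moment - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def from_filetime(ticks):
    """100-ns intervals since 1601-01-01 UTC -> datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


@dataclass
class Account:
    name: str          # constructed sample name
    pwd_last_set: int  # 0 means "user must change password at next logon"


def helpdesk_reset(account, now, must_change_at_next_logon):
    """Administrative set. It stamps pwdLastSet exactly like a user's own
    change would, unless the must-change box is ticked, which writes 0."""
    account.pwd_last_set = 0 if must_change_at_next_logon else to_filetime(now)


def user_change_allowed(account, now, min_pwd_age=MIN_PWD_AGE_ONE_DAY):
    """Return (allowed, reason) for a user-initiated password change."""
    if account.pwd_last_set == 0:
        # Forced change: the thread reports this works inside the minimum age.
        return True, "pwdLastSet is 0: forced change, minimum age not applied"
    age = now - from_filetime(account.pwd_last_set)
    minimum = timedelta(microseconds=abs(min_pwd_age) // 10)
    if age < minimum:
        return False, f"password is {age} old, minimum age is {minimum}"
    return True, "minimum age satisfied"


def logon_result(account, channel):
    """channel is 'interactive' or 'owa'. The OWA branch models what the
    thread reports for Exchange 2003: no change prompt, so logon fails."""
    if account.pwd_last_set != 0:
        return "logon ok"
    if channel == "interactive":
        return "prompt for new password"
    return "logon refused"


def run_scenarios():
    reset_time = datetime(2005, 8, 26, 16, 35, tzinfo=timezone.utc)  # constructed
    results = {}

    # Scenario 1: help desk sets a default password, box left unticked.
    a = Account("owa-only-user", 0)
    helpdesk_reset(a, reset_time, must_change_at_next_logon=False)
    results["reset_only_5min"] = user_change_allowed(a, reset_time + timedelta(minutes=5))[0]
    results["reset_only_25h"] = user_change_allowed(a, reset_time + timedelta(hours=25))[0]
    results["reset_only_owa"] = logon_result(a, "owa")

    # Scenario 2: same reset with "must change at next logon" ticked.
    b = Account("desktop-user", 0)
    helpdesk_reset(b, reset_time, must_change_at_next_logon=True)
    results["flag_change_5min"] = user_change_allowed(b, reset_time + timedelta(minutes=5))[0]
    results["flag_interactive"] = logon_result(b, "interactive")
    results["flag_owa"] = logon_result(b, "owa")
    return results


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(f"{key:18} {value}")
```

Scenario 1 is the situation the original poster hit, and scenario 2 shows why ticking the box fixes desktop users while shutting out accounts whose only entry point is OWA.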


PeterJUser is Offline

Posts:5

08/29/2005 8:39 AM  
OWA doesn't have a built-in password change function but you can activate the standard IIS password changing module called iisadmpwd which is placed in the options section of the OWA interface. However, if the password has expired you'll be out of luck.

One article that covers this is:

http://support.microsoft.com/default.aspx?scid=kb;en-us;297121

Regards
Peter Johnson


AD000001365User is Offline

Posts:0

08/29/2005 12:43 PM  
I have a possible solution for the OWA users. I haven't used this particular software but we use one of their other products and it works well. I'll let the website speak for itself. But I believe this would provide a means via the web for your users to change their passwords.

http://www.anixis.com/products/ppeweb/default.htm

Jeff Cothern
-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of Peter Johnson
Sent: Monday, August 29, 2005 4:36 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Password policy change

OWA doesn't have a built-in password change function but you can activate the standard IIS password changing module called iisadmpwd which is placed in the options section of the OWA interface. However if the password has expired you will be out of luck.

One article that covers this is:

http://support.microsoft.com/default.aspx?scid=kb;en-us;297121

Regards
Peter Johnson


-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of joe
Sent: 27 August 2005 08:16
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: RE: [ActiveDir] Password policy change

Yep, OWA is Outlook Web Access. If you haven't seen it, it is gorgeous in Exchange 2003. It looks almost exactly like Outlook. Unfortunately, if your password is expired (forced or otherwise) you aren't getting into OWA. I also don't believe it has a password change function if you just want to go and change it, but that could be something that could be enabled.
Alternatively you set up another web page to do it.

As for the OP's original issue. It all comes down to implementation. You told the system to not allow people to change the password if the password age was less than one day and then were confused when it did exactly that. The reason for it is that there is one attribute for password age, pwdLastSet, and it doesn't distinguish between a helpdesk set operation or a normal password change, they are both password changes and you only want one day between every change. The proper way to handle that case is to force the users to change their password on next logon (which sets the pwdLastSet to 0), but as you know, that will kill OWA users. So you either need another process to follow for OWA only users, install some third party or custom in-house tool, or drop the minimum password aging.

joe


-----Original Message-----
From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
[mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of SysPro Support
Sent: Saturday, August 27, 2005 12:09 AM
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: Re: [ActiveDir] Password policy change

You're right Aaron, I didn't know what it meant!

I am not an outlook sort of person (we use Notes...), but the inferred statement surprises me. It suggests that if the "must change password" is set, you can't logon to Outlook Web Access.

This would suggest that forcing users to change password after (say) 28 days is also a no-no.

And, it would also suggest that Outlook Web Access won't let you change your password. If it did, it would surely allow you to logon, then require you to change the password before you do anything.

This all seems unlikely, given Microsoft's recommended use of forcing password changes on a regular basis and forcing users to change a password when a new user is created.

If it is all true, maybe you have to provide some way that the users can go to a Citrix portal and change their password there, then go back and use Outlook Web Access.

Alan Cuthbertson
Policy Management Software:-
http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
ADM Template Editor:-
http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
Policy Log Reporter(Free)
http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml


----- Original Message -----
From: "Aaron Visser"
To:
Sent: Saturday, August 27, 2005 8:59 AM
Subject: Re: [ActiveDir] Password policy change
Nevermind OWA = Outlook Web Access
On 8/26/05 3:39 PM, "Figueroa, Johnny" wrote:

>
> I mean, if I use the check box to "user must change password at next logon"
> our users whose only way into the domain is OWA will not prompt them to change
> their password... Unless I am missing something.
>
> Thanks
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of SysPro
> Support
> Sent: Friday, August 26, 2005 3:19 PM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: Re: [ActiveDir] Password policy change
>
> Johnny,
>
> We do exactly what you suggest, change the password and set the "user
> must change password at next logon" and they are able to change it,
> even within the "password cannot be changed period".
>
> What do you mean by "that would effectively lock out the OWA only users"?
>
>
> Alan Cuthbertson
>
>
> Policy Management Software:-
> http://www.sysprosoft.com/index.php?ref=activedir&f=pol_summary.shtml
> ADM Template Editor:-
> http://www.sysprosoft.com/index.php?ref=activedir&f=adm_summary.shtml
> Policy Log Reporter(Free)
> http://www.sysprosoft.com/index.php?ref=activedir&f=policyreporter.shtml
>
>
>
> ----- Original Message -----
> From: "Figueroa, Johnny"
> To:
> Sent: Saturday, August 27, 2005 2:56 AM
> Subject: RE: [ActiveDir] Password policy change
>
>
>
> Help desk sets the password to something "something", tells the user to
> change their password to whatever they want it to be and the user can not. I
> thought about having the HD check the box that makes it so the user
> has to change the password the next time they log in but I think that
> would effectively lock out the OWA only users.
>
> The point is that the HD gets the user going by setting the password
> to something generic, then the user is supposed to change it to
> whatever they want to keep.
>
>
> Thanks
>
> -----Original Message-----
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx
> [mailto:ActiveDir-owner@xxxxxxxxxxxxxxxxxx] On Behalf Of deji@xxxxxxxxxxxxxx
> Sent: Friday, August 26, 2005 9:45 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: RE: [ActiveDir] Password policy change
>
> Which part is "not working" and how is it "not working"?
>
>
> Sincerely,
>
> Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> Microsoft MVP - Directory Services
> www.readymaids.com - we know IT
> www.akomolafe.com
> Do you now realize that Today is the Tomorrow you were worried about
> Yesterday? -anon
>
> ________________________________
>
> From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Figueroa, Johnny
> Sent: Fri 8/26/2005 9:34 AM
> To: ActiveDir@xxxxxxxxxxxxxxxxxx
> Subject: [ActiveDir] Password policy change
>
>
>
>
> Good morning folks, yesterday I changed the domain password security
> to retain password history for 5 passwords and the password can not be changed
> for one day.
>
> Our help desk used to set passwords to a default value when they got a call
> from a user and then tell the user to change it to something they
> want. It looks like that is not working for them
>
> Is there anyway around this ?
>
> Thanks
>
> Johnny Figueroa
> Enterprise Network Consultant/Integrator Network Services Banner
> Health Voice (602)
> 495-4195 Fax (602) 495-4406
>
> WARNING: This message, and any attachments, are intended only for the
> use of the individual or entity to which it is addressed and may contain
> information that is privileged, confidential and exempt from
> disclosure under applicable law. If the reader of this message is not
> the intended recipient or employee/agent responsible for delivering
> the message to the intended recipient, you are hereby notified that
> any dissemination, distribution or copying of the communication is
> strictly prohibited. If you
> receive this communication in error, please notify us immediately
>
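The minimum-age behaviour joe describes in the message quoted above, modelled in Python as an added example (not code from the list or from any vendor). It assumes pwdLastSet is a FILETIME tick count and minPwdAge a negative tick interval, as Active Directory stores them; the function names, the policy constant and the timestamps are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a FILETIME: 100-ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000

# Constructed policy value for "password cannot be changed for one day".
# minPwdAge is stored as a negative tick interval.
MIN_PWD_AGE_ONE_DAY = -86_400 * TICKS_PER_SECOND


def to_filetime(dt):
    """Convert a timezone-aware datetime to FILETIME ticks."""
    delta = dt - FILETIME_EPOCH
    seconds = delta.days * 86_400 + delta.seconds
    return seconds * TICKS_PER_SECOND + delta.microseconds * 10


def helpdesk_reset(now, must_change):
    """pwdLastSet after an administrative reset (a model, not an AD call).

    A plain reset stamps the current time, exactly like a user change.
    "User must change password at next logon" stores 0 instead.
    """
    return 0 if must_change else to_filetime(now)


def user_change_allowed(pwd_last_set, min_pwd_age, now):
    """Return (allowed, reason) for a user-initiated password change."""
    if pwd_last_set == 0:
        # No timestamp to age against, so the minimum age cannot block.
        return True, "must-change flag set (pwdLastSet = 0)"
    required = abs(min_pwd_age)
    age = to_filetime(now) - pwd_last_set
    if age < required:
        remaining = (required - age) // TICKS_PER_SECOND
        return False, f"password too young, {remaining} s remaining"
    return True, "minimum age satisfied"


def run_scenarios():
    """Helpdesk resets at 09:00; the user tries to pick a new password."""
    reset_time = datetime(2005, 8, 26, 9, 0, tzinfo=timezone.utc)  # constructed
    soon = reset_time + timedelta(minutes=10)
    next_day = reset_time + timedelta(days=1)
    plain = helpdesk_reset(reset_time, must_change=False)
    flagged = helpdesk_reset(reset_time, must_change=True)
    return {
        "reset only, +10 min": user_change_allowed(plain, MIN_PWD_AGE_ONE_DAY, soon),
        "reset + must-change, +10 min": user_change_allowed(flagged, MIN_PWD_AGE_ONE_DAY, soon),
        "reset only, +1 day": user_change_allowed(plain, MIN_PWD_AGE_ONE_DAY, next_day),
    }


if __name__ == "__main__":
    for name, (allowed, reason) in run_scenarios().items():
        print(f"{name:30} allowed={allowed}  ({reason})")
```

The second scenario is the path the thread reports as unusable for OWA-only accounts, since an account with pwdLastSet = 0 is refused at OWA logon before any change prompt appears.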
listsUser is Offline

Posts:0

08/30/2005 3:58 AM  
That should work. :-)

There are actually many web-, phone- and login-prompt- accessible
password change/synchronization/reset applications out there, some of
which support password updates to multiple types of systems, rather than
just AD.

One such is http://psynch.com/
Linking one of these to OWA should be trivial. With this product, and
probably others, you should have no trouble detecting password expiry and
bouncing the user to the 'change now' page either.
Good luck,

-- Idan

On Mon, 29 Aug 2005, Cothern Jeff D. Team EITC wrote:
I have a possible solution for the OWA users. I haven't used this particular software but we use one of their other products and it works well. I'll let the website speak for itself. But I believe this would provide a means via the web for your users to change their passwords.

http://www.anixis.com/products/ppeweb/default.htm

Jeff Cothern