Windows 8 Problems changing an AD domain password

Hi i have a problem with Windows 8 computers changing passwords on a Domain.
I have several Windows 8 clients that when their passwords have expired they are unable to change them and i am having to reset them on a domain controller.
If users change their passwords before they expire by either using control-alt-del or clicking the notification bubble then it works fine and they can change their passwords without a problem.
We have a Domain with a mixture of 2003 and 2008 domain controllers running at 2003 domain functional level
However, if they leave it until their passwords expire and try to log in they are prompted as expected to change their passwords so they click yes and they enter the info:
Old Password
New Password
Confirm New Password
They then get an error your password has expired and this error repeats in a circle until i change their passwords on a DC. This behavior also occurs if i check teh box for 'User must change their password at next log on'
This as far as i can see is affecting all Windows 8 users, all Windows 7 users are working fine and everything works as expected. From what i can make out its a problem with authentication as you are able to change t he password once the computer
has logged in using a valid password.
Any ideas?
Thanks.

I am getting the same issue. If you found how to fix it can you share please?

Similar Messages

  • Permisson problem: Change UID of domain account

    Hi everyone,
    I'm not sure if this is the right place to ask since I'm new to this forum but I kind of run out of options.
    My company just bought an iMac and it's my job to integrate it into our domain and active directory. I've managed to do this successfully. I can now log on to the machine with my company domain account.
    Each user has a personal home drive (NFS drive) which is (in Windows) mounted at startup. The user logged in has only access to his/her home directory (permissions are set through the UID).
    I managed to mount it on the Mac too.
    BUT:
    There seems to be a permission problem due to false UID's.
    Within the domain, my UID is 1258. When I log on to the Mac, it is 142783090.
    Does anyone now how I can change this? I've been searching for a solution all morning but couldn't find anything helpful. I already tried to change the UID in SysPrefs -> Account -> right-click on the account but it doesn't work for accounts that are not local ones. I also couldn't find out where the Mac gets this strage UID from...
    Thanks in advance for your help!
    Cheers
    PS: If you need more information from me, please ask, I will deliver it gladly =)

    I'm sorry, you're right, the page hold the solution but I was trying to find out how much I can do on the Mac without installing any additional software.
    Thanks anyway for your help!
    Cheers!

  • What would be the impact of changing Enterprise and Domain admin password

    Hello,
    I'm planning to change the Enterprise/Domain Admin's password for some security reasons. I do not know what all will fail, what are all the process is going to be impacted. Actually I don't want to see the bigger impact after changing
    the password.
    I've gone thru' few articles but it's in Powershell where I have the limited knowledge & can't customize the script.
    Is there a tool or a way to scan the LAN/Servers and get a clear output where these users accounts (Domain & Enterprise Admin) being used, especially windows services wise, and all other dependencies?
    Can anybody help?
    Regards,
    MSK

    Hello
    As far as I have experienced by changing the enterprise admin password there will be no impact on the environment, not event on
    Services.msc console. But resetting an account is a different story. If you change the user account, services which relies on the user will be updated automatically but by resetting the password you have to manually enter the password on each
    service.
    Also I am thinking about if you use remote desktop with saved credentials to connect to DC's as enterprise admin, you may experience account lockout problems. So wise move is to create another account as member of enterprise admins group and keep it safe
    with a strong password and save it for a rainy day. In that case if the original enterprise admin locked out due to incorrect logons you have a gold key to overcome the situation.
    Regards.
    Mahdi Tehrani Loves Powershell
    Please kindly click on Propose As Answer or to mark this post as
    and helpfull to other poeple.

  • I loaded Mac OS X v10.7 Lion yesterday. Everything's running fine, except for a simple problem. Any time I want to copy a file, JPEG, etc., I am prompted "Finder wants to make changes. Type your password to allow this." I don't want this!! Is there a way

    I loaded Mac OS X v10.7 Lion yesterday. Everything’s running fine, except for a simple problem. Any time I want to copy a file, JPEG, etc., I am prompted “Finder wants to make changes. Type your password to allow this.” I don’t want this!! Is there a way to unlock “Finder” or rid this process?

    Back up all data.
    This procedure will unlock all your user files (not system files) and reset their ownership and access-control lists to the default. If you've set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. Do so only after verifying that those settings didn't cause the problem. If none of this is meaningful to you, you don't need to worry about it.
    Step 1
    If you have more than one user account, and the one in question is not an administrator account, then temporarily promote it to administrator status in the Users & Groups preference pane. You can demote it back to standard status when this step has been completed.
    Triple-click the following line to select it. Copy the selected text to the Clipboard (command-C):
    sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; sudo chown -R $UID:20 ~ $_ ; chmod -R -N ~ $_ 2> /dev/null
    Launch the Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
    Paste into the Terminal window (command-V). You'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. If you don’t have a login password, you’ll need to set one before you can run the command.
    The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal.
    Step 2
    Boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
    When the OS X Utilities screen appears, select
    Utilities ▹ Terminal
    from the menu bar. A Terminal window will open.
    In the Terminal window, type this:
    resetpassword
    That's one word, all lower case, with no spaces. Then press return. A Reset Password window will open. You’re not going to reset a password.
    Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
    Select your username from the menu labeled Select the user account if not already selected.
    Under Reset Home Directory Permissions and ACLs, click the Reset button.
    Select
     ▹ Restart
    from the menu bar.

  • Windows domain password expired

    Macbook Pro, bound to Windows domain, running 10.7.5
    This one user's domain password expired.  Now, she can't log into the Mac with her new password.  That's all.
    I'm a Windows admin, but I'm fairly competent in supporting OSX.  I'm hoping there's a very easy fix to sync their current password with the domain controller.  For my first trick, I've tried plugging her into the wired network until the red dot goes away and network accounts are "available".  Didn't work.  Unbind, re-bind to domain didn't help either.  Other AD accounts can log into this Macbook with their current passwords (for example: I haven't logged in in over 90 days, our default password expiration period, and I could get in just fine AND I was prompted to update my keychain password)
    Side note:  I was hoping to find the equivalent of a "gpupdate /force" for OSX, but that seems to be hard to find.
    What other information is needed?
    Thanks!

    Hi, did you manage to solve this?
    I have a similar issue:
    - Suddenly, more than one week ago, I could not unlock my Mac, hence I believed that my domain password had exipred
    - By using Outlook Web Access I logged in with the old password, which made me realise that the password wasn't expired after all
    - I thought it was useful to change the password anyway, and I did that using OWA
    - I got back to the Mac and realised that I could not login with neither the old and new passwords!
    - I forced reboot the Mac, and now I can login only with the *old* password, the one that stopped working!
    Since then, I need to use the old password on the Mac and the new on all other network resources associated to the domain. All of this happened while in my office, so no networking complications. I have spent time with the Mac still on the same network but the new password never got 'propagated' to it since. 
    G.

  • I recently changed my apple id password and I was prompted to enter the new password onto icloud on my mac. The problem is whenever i try to press enter or forgot password or sign out or pretty much anything, it just makes a sound.

    It won't let me do anything, I can even try to minimize the window. I tried shutting down my computer and it still pops up. Also, because of this, I can't access anything else in my system preferences. Help!

    Hello, I realize this solution is long overdue however I'm posting my solution to help others.  I JUST had the exact same problem.  I recently changed my apple ID password.  Everything accepted the new password except my MAC.  When I booted up my Macbook pro, a message would pop up saying "cannot Back my MAC."  Something like that.  Then I would be prompted, within system preferences, to enter my password.  Both my new and old passwords wouldn't work.  I couldn't sign out, seek help, click on "forget" and every time I tried something, it would make the "noise" and just shake the message box. 
    After several failed attempts to fix based on forum suggestions and google research, I stumbled upon a solution myself.  I went into iCal, Address Book, and Mail and manually deleted iCloud from each of these.  Then I added iCloud back to each of them, using my new password, and the verification worked!!  I rebooted my MAC and the same message came up "cannot Back my MAC."  I was once again prompted to enter my apple ID password and the new password was accepted!!  I rebooted one more time to be sure.  Everything was synced.
    I hope this helps someone else out there.  Very frustrating when something so simple, like a password change, can wreak so much havoc!!!

  • Domain Password Changes - Bad User Experience

    I just want to say this is ridiculous and annoying. i use my iPhone at work and every time my domain password expires and i need to change it it causes all sorts of issues with my iPhone. It asks me to update the password so i do then it asks me again and again. I sat through it all just to see how many times it would ask, 7 Times. in the past i had to wipe my mail settings (MS Exchange) and WiFi settings and renter them (or it seems enter my details 7 times).
    This to me is a really bad experience. I should only need to enter these details in once, it should be smart enough to realize that i use the same domain credentials for multiple features (WiFi, proxy, mail) and update them.
    Who thinks we should only need to update these details once?

    I wouldn't call that ridiculous. Just good practice. I could understand needing to enter it up to 2 times, but 7 whats the go there? I say 2 because there are 2 different sections that use it. First the WiFi/Proxy, and second the Exchange server Mail Account.
    so i'd be happy if it asked me one for the wifi/proxy when i tried to access it and another time for the mail when i try to access it. but when i try to access something like the app store thats when it just constantly asks me.
    Can you explain why i must be prompted 7 times? whats the problem with using the same domain credentials for your mail and wifi? in most cases they will be the same.

  • Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."

    Hi,
    Windows 7 or Windows Server 2008 R2 domain join displays error "Changing the Primary Domain DNS name of this computer to "" failed...."
    DC:windows Server 2008 R2
    Domain functional level:Windows Server 2003
    When Winxp join domain, have no this error message.
    I checked http://support.microsoft.com/kb/2018583?wa=wsignin1.0 does't work.
    There have 3 suggestion in this article:
    1.The "Disable NetBIOS over TCP/IP" checkbox has been disabled in the IPv4 properties of the computer being joined.
    Doesnt's work.
    2.Connectivity over UDP port 137 is blocked between client and the helper DC servicing the join operation in the target domain.
    On my DC, I run netstat -an, reslut as below:
     UDP    192.168.20.3:137       *:*
    3.The TCP/IPv4 protocol has been disabled so that the client being joined or the DC in the destination domain targeted by the LDAP BIND is running TCP/IPv6 only.
    We are not using IPV6.
    This server recently updated from Windows Server 2003 to Windows Server 2008 R2. Before upgrade, when Win7 and Win2008 join this domain, also have the same error message.
    Please help to check this issue.
    Thank you very much.
    BR
    Guo YingHui 

    Hi Guo Ying,
    I have faced this critical error which makes over-writes the host names in the domain when you join.
    For example: Already you had a host name called as PC.domain.com in the domain.com Domain.
    When you try to add the another host name called as PC in the domain.com Domain, it doesn't give you the duplicate name error on the network it does over-write the existing host name called as PC.domain.com & it will add the new host name into the domain.
    Host name which got over-written will get removed from the domain. I faced this issue in my project. My DPM host name got removed from the Domain & new host name got joined into the domain which halted my backups for one day.
    Final Resolution is as follows:
    You need to start the dns console on the DC & drop down the domain name.
    Select the _msdcs when you click on _msdcs it will show the Name Server's list on the right hand side.
    You need to add the Domain Naming Master under the _msdcs or add all the domain controllers which you had.
    After you add the Name server's try joining the PC OR Laptop to the domain which is successfully joins it.
    Regards
    Anand S
    Thanks & Regards Anand Sunka MCSA+CCNA+MCTS

  • I changed my apple ID password and now facetime cannot verify my e-mail address.  I have tried changing my password back but still recieve the same pop up window telling me that the email could not be verified and to check my network but have wifi working

    Please help.  I changed my apple id password and now cannot use facetime and my icloud continues to prompt me for my password and I continue to give it but, I repeatedly am prompted for the password unless I cancel the icloud.  I have tried changing my password back to the password I had before and this did not work.  I have tried to use another e-mail address for facetime and had verified that e-mail address and this did not work.  I do not know how to fix this problem.  I have thought about changing my apple id but am not sure how I would be able to carry over the same credit card number to the new apple ID.  I loved my Mac book Pro because I could facetime my boyfriend while I am working away and now I cannot.  I am starting to hate Mac.

    The idea to jumpstart by change was not the smartest one, but gives you an opportunity to use that "temporary" account as permanent. You do not have a choice cause obviously despite you thinking that old account is no more -it does exist on Apple servers. And if you are unwilling to share your [email protected] with friend, just create one extra [email protected] for your friend. One suggestion - do not use gmail.

  • Every time I try to send to the trash anything to the trash appears de following: Finder is trying to make changes. Introduce your password to allow this action. Appears since 24h ago, never before had this problem, What´s the problem?

    Every time I try to send to the trash anything, appears de following: Finder is trying to make changes. Introduce your password to allow this action. Appears since 24h ago, never before had this problem, What´s the problem?  I am using Mac OS lion

    Can you post the permissions on your Home folder?
    Open Terminal, copy and paste this command. Copy the output and post here. If you want to mask out your user name, then paste the output into a text editor and use Find/Replace to change it to something like "username" before pasting it in here.
    ls -ale

  • Desktop to Trash Problem: "Finder wants to make changes. Type your password to allow this."

    Suddenly today I get a dialog box stating "Finder wants to make changes. Type your password to allow this," whenever I attempt to drag a file from the desktop into the Trash on the dock.  How can I stop this and return to a normal function of dragging desktop files into the trash?  Thanks in advance.

    Back up all data now.
    This procedure will unlock all your user files (not system files) and reset their ownership and access-control lists to the default. If you've set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. If none of this is meaningful to you, you don't need to worry about it.
    Step 1
    Launch the Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
    Drag or copy — do not type — the following line into the Terminal window, then press return:
    sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; sudo chown -R $UID:20 ~ $_ ; chmod -R -N ~ $_ 2> /dev/null
    Be sure to select the whole line by triple-clicking anywhere in it. You'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning. If you don’t have a login password, you’ll need to set one before you can run the command.
    The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal.
    Step 2
    Boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
    When the OS X Utilities screen appears, select Utilities ▹ Terminal from the menu bar. A text window opens.
    In the Terminal window, type this:
    resetpassword
    That's one word with no spaces. Then press return. A Reset Password window opens. You’re not going to reset a password.
    Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
    Select your username from the menu labeled Select the user account if not already selected.
    Under Reset Home Directory Permissions and ACLs, click the Reset button.
    Select  ▹ Restart from the menu bar.

  • TS3899 I was hacked and had to change my yahoo password.  I cannot get my iPhone or iPad to accept my new password.  Am not receiving emails on either device.  I had no problem changing my password on my computer.  What is the secret?

    I was hacked and had to change my yahoo passwrd.  I cannot get my iPhone or iPad to accept my new password so I cannot receive messages on either.  I had not problem changing my password on my apple computer.  Please help!  What is the secret?

    Delete the account on your phone & iPad. Then set them up again.

  • Problem changing apple password?

    Ive been trying to change my apple login password which I could do not to long ago and now for some reason it doesnt alllow me to change my password it goes threw the proccess the only thing ploblem it has is when the email gets sent to the account and from then you would continue with the instructions but the thing is that I no longer get that email that would provide a link to change your password. I had to call apple and tell then to send me the email that had to be sent to me in order ro get it they didnt provide information as in why this happened. Does anyone know away around this I ready dont want to call apple if this ploblem would happen again, or is this just a ploblem with apple at this moment. Has anyone had this ploblem as well.
    Ps I have tried to reset this in several devices
    ipod touch, ipad, mac mini, and pc all of them failed to reset the password succefully
    note: I have done this in the past

    http://apple.com/support/itunes/contact/

  • Changing the internal domain to a subdomain -- Help!

    Hello, so I have a huge project coming up and i was wondering if someone had some experience on this that could give me some advice.
    So,  started working on this company that has an internal domain called.. lets say abc.com  and external alphabetaghama.org   ..  the problem we have is that we cannot get certs for our internal domain for public access like our exchange
    server fqdn for example is exchange.abc.com ... Someone else owns abc.com which prompted my new boss to fix this and now i have a project to change our internal domain to match our external but I know that the best practice is to have a
    subdomain as the internal domain and I think that's the route my boss wants to go with..  which brings me to my question.
    What will I have to do to get this accomplished... our external domain name is really just a forward zone and i dont have a forest so does that mean that i will have to build a alphabetaghama.org forest and add a subdomain like corp.alphabetaghama.org 
    for our internal and then migrate everything over? 
    We currently have exchange 2007 with 2008R2 DC's..  our new domain would be on 2012R2 DCs with the same exchange server..
    Sorry if something doesn't make sense, I'm a little new to a major project like this...

    Hi,
    This really depends on the requirements. As the Domain restructure is a huge project, we'd better have some experts with good experenses at hand. And if the problem (to get public access) is solved,  it is recommended to have a good consideration
    if the rebuilding is needed.
    Regarding the internal domain name, maybe you want to have a look into the below MS article:
    How Domain Rename Works
    http://technet.microsoft.com/en-us/library/cc738208(v=WS.10).aspx
    For your reference:
    ADMT Guide: Migrating and Restructuring Active Directory Domains
    http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx
    One thing to mind is ADMT tool may cannot
    be installed on a Windows Server 2012 DC, so please make sure in the target domain we have a Windows Server 2008 DC to be the ADMT server.
    ADMT 3.2 and PES 3.1 installation errors on Windows Server 2012
    http://support.microsoft.com/kb/2753560
    Hope this may help
    Best regards
    Michael
    If you have any feedback on our support, please click
    here.
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Windows 2012 Verification of prerequisites for Domain Controller promotion failed

    Windows 2012 Verification of prerequisites for Domain Controller promotion failed and gave the below error(In computer management local group and user option is not there as suggested by a solution!)
    "Verification of prerequisites for Domain Controller promotion failed. The local Administrator account becomes the domain Administrator account when you create a new domain. The new domain cannot be created because the local Administrator account password
    does not meet requirements.
    Currently, the local Administrator password is blank, which might lead to security issues. We recommend that you press Ctrl+Alt+Delete, use the net user command-line tool, or use Local Users and Groups to set a strong password for the local Administrator
    account before you create the new domain."

    OK, the reason you see this error is because when you set up and configured your Windows R2 environment you may have logged into the OS with an account other than Administrator. So, if you created your log in account named Bob, this is throwing off the Server.
    So, hit Ctrl-Alt-Delete, and look who you are logged in as, and then change the account you are logging in as and use the local Administrator account. What you may find is that the default Admin account password has not been set.
    Check that out and see if that is what you are experiencing.
    Best wishes

Maybe you are looking for

  • Why do ipod touchs only last 1 year?

    My best friend has as ipod and it's lasted for like two years now. I've had to buy 2 ipod's in the time she's had her's. Why arn't mine lasting as long as her's? I've heard somewhere that normal iPod touches only last 1 year.. WHY?? It's not like mon

  • To create light pdf files

    some customers ask me to create light pdf files...very light...as they asked me for in design catalogue of 100 pages with tables and images (the standard process makes low res pdf files of at least 20 MG)....is there a way to do this?

  • SQL - Select Help - Case When? Return Value from Second Table?

    Hi - next to folks on this board I am probably somewhere between a Beginner and an Intermediate SQL user. Ive been using a case when statement in plsql to find "all those who's status in any program was cancelled during a specific time, but have beco

  • How to display Various language characters (unicode,UTF8) on mobile

    Hi I am using mobile application with MIDP2.0 and CLDC1.1 My Requirement is : Server is sending me an XML which consists of Unicode characters Server is properly sendin me the charcters(Server is enterprise application) At client side(developed in J2

  • Linking PDF within ePub

    Greetings, I converted a MS Word document into a ePub using Adobe Robohelp. My word document has link to external PDF files(located in same folder). After converting to ePub I lose those links when I preview it on a iPhone. Is there a way to get arou