Domain user can't change password

  • Thread starter Thread starter Hank Arnold
  • Start date Start date
H

Hank Arnold

Not sure if this is a DC GPO or local GPO question.

We are setting up our new XP workstations so that they are added to our W2K
AD domain. They then do a domain logon. Everything works fine except for one
thing.

When they are prompted that their domain password will expire in xx days (or
has expired), they enter the new password, confirm it and then click on
"OK". They get back the response that "You are not authorized to change the
password" (or words to that effect). An admin has to log on and change it
for them in AD.

Needless to say, this is a royal PITA..... Is there a GPO setting that we
can set? Hopefully, it's a domain GPO setting, but a local GPO is
"OK"............

TIA.
 
Hi Hank,

This shouldn't be a GPO issue.

Check the domain account (account properties) and see if the account is
prohibited from changing password.

br,
Denis
 
The domain account is fine, I think. If the user logs on to the Citrix/TS
server, they get the password change prompt and it works just fine. The
problem is when they do a domain logon on the local machine. They get a
prompt and enter the changed password. When they press "Enter" is when they
have a problem. This is what makes me think it's a problem on the local
machine, not the domain....
 
I am having teh same problem too, I have enabled teh permission suggested in
the kb article but teh users still can't change theier passwords when
prompted with expiry notification. Could it be a registry setting on teh
domain controller?
 
Back
Top