User must change password at next logon

[Wheaties]

Ok, here is the situation. In the past, we have not made our users
change their passwords on a regular basis, so a majority of our user
accounts have been created with the "Password never expires" checkbox.
We are now moving to requiring password changes and the such.

Here is what I have encountered:

First, I uncheck the "Password never expires" box and than check the
"User must change password at next logon" (usually overnight when the
computer is offline). I know I can do this through ADSI, but hear me
out. The next day when the user logs on, they are not prompted to
change their password initally. It always take a log off and log on to
prompt the change.

My question to you all is "why ?"

Do I need to uncheck and check the appropriate boxes while the user is
logged on and thus the next time they log on, the system will prompt
them to change? Does AD write these changes locally for the next
logon.

Any help would be greatly appreciated.

John

 

[Deji Akomolafe]

Yes, they need to logoff and log back on for the change to take effect. If
the just lock their computers and go home, their current logon credential is
cached locally and unlocking the computer the next day does not reverify the
password with the DC.

HTH
Deji

 

[Wheaties]

My users are doing a fresh boot and not locking their computers. They
are not being prompted to reset their password and are logging on via
cached credentials with no access to domain resources. Once they log
off again, they are prompted to change their password and all is well.
Even if I uncheck and check the boxes after the user is logged on,
some are still having a problems. Here is a little info on our
environment:

Domain: Windows 2000 (DC SP4)
Client: Windows XP

Any help would be appreciated.

John