0

We are upgrading/replacing old Windows 2008 servers. We have not been able to upgrade the 2008R2 DC yet, but the 2008R2 RDS server are replaced by 2019RDS server.

When password expired on an user account - the user would be prompt and forced to change password when trying to login on the old 2008R2 RDS. This doesn't happen on the new 2019 RDS server. I have to manually set new password for the user. If I hook of the "User must change password at next logon" - the user will not be able to logon to the new RDS 2019 server (they will just get a message that they need to change they're password, with no possibility of doing this on the RDS server.This is a domain with only servers, so user will only use RDP to some few RD servers.

  • Is this because of some compatibility problem between the OS'es? - Can we expect it to start working when we upgrade the 2008R2DC to W2012, or do we need to upgrade the DC further?
  • If this is not related to OS differences - what can we do to get the behavior we had on the 2008RDS working on the new 2019 RDS?
Henrik Ormåsen
  • 233
  • 2
  • 12
  • What services are currently running on the DC box? Just ADDS and DNS? – Christopher H Aug 17 '20 at 10:59
  • `they will just get a message that they need to change they're password, with no possibility of doing this on the RDS server.` So they are getting the message, but they aren't entering CTRL-ALT-END to change their password? – Greg Askew Aug 17 '20 at 11:03
  • @GregAskew - Before they didn't need to press CTRL-ALT-END to change password when it was expired. They were demanded and guided to change the password. A really neat feature. Now they need to remember to change it before it expires. I don't think they get any warning messages about it any longer either. – Henrik Ormåsen Aug 18 '20 at 11:32
  • @ChristopherH - The DC have the following roles (if that's what you are thinking about): ADSS, DHCP, DNS, File server, IIS (don't know if used for anything anymore). – Henrik Ormåsen Aug 18 '20 at 11:35
  • ` Now they need to remember to change it before it expires.` What's to remember if a message is displayed that their password will expire soon? Windows will display a notice in the notification bar when the password approaches expiration, unless that has been disabled. And why is it "not possible" to change the password? What happens when they press CTRL-ALT-END? Does it not display the security dialog with an option to change the password. – Greg Askew Aug 18 '20 at 12:31
  • I would strongly advise building a new DC to replace the 2008 R2 box, as (although it is supported) it can cause more issues than what it’s worth. You’ll also sleep better at night too (speaking from experience). It would take you no more than a couple of hours to build a new DC from the OS install disk, migrate the roles and decommission/demote the old DC. Running a 2008 R2 domain controller with a 2019 RDS is asking for trouble. – Christopher H Aug 18 '20 at 12:41

0 Answers0