
I have 600+ users in AD, but only one causes me trouble. The problem is I can reset his password from AD, he can then log in to his machine. After that he would like to change his password from Windows 7, and proceeds without errors. Logs out or locks the workstation but cannot access it again using either old or new password. So I have to reset it again and he can only use the one I provide for him. All our machines are in the same physical location in the same subnet. Functional level is 2003.

I'm totally out of ideas. I could create him a new user account, but I'd possibly like to know what causes this. I can only suspect some sort of synchronisation problems but other accounts work fine, and I don't know how to dig deeper into this.

Thanks, Piotr

Piotrgo
  • Do you have another machine that he could test on? GPResult or system logs show anything interesting? – AthomSfere Jun 27 '13 at 10:58
  • Have you checked the workstation date, time, and time zone settings against those of the server? If those are good have you looked into removing and re-adding workstation to domain or the possibility of a corrupt profile? – Pablo Jun 27 '13 at 17:49
  • I'm with AthomSfere and Pablo (in the comments above). I suspect the workstation, not the user. You can verify this by having him log into a different workstation. I would check for: Workstation date/time, bad computer account, malware, etc. – Katherine Villyard Jun 27 '13 at 23:14

1 Answer

  1. Since the user can change his password it means that he passes through policies. What does the admin see in pwdlastset after the user has changed the password?

  2. If the user can’t log in from his own machine with the new password, can this user log in from a different machine with this new password? If not, then probably the password has not been changed in AD.

Netwrix
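Added example, not part of the original answer: one way to run the `pwdLastSet` check from the answer against every domain controller, so that a password change which reached only one DC (the synchronisation problem the question suspects) shows up as a mismatch. It assumes PowerShell 3.0 or later, the ActiveDirectory module (RSAT) and DCs reachable through AD Web Services; the account name `jdoe` is a placeholder.

```powershell
# Added example: compare one user's password state on every domain controller.
# Assumptions: ActiveDirectory module (RSAT) installed, AD Web Services reachable.
Import-Module ActiveDirectory

function Convert-PwdLastSet {
    param([long]$FileTime)
    # pwdLastSet is a Windows FILETIME; 0 means "must change password at next logon".
    if ($FileTime -le 0) { return $null }
    [DateTime]::FromFileTimeUtc($FileTime)
}

function Get-UserPasswordStatePerDC {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)
    $props = 'pwdLastSet', 'badPwdCount', 'LockedOut', 'LastBadPasswordAttempt'
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                            -Properties $props -ErrorAction Stop
            [pscustomobject]@{
                DC             = $dc.HostName
                PwdLastSetUtc  = Convert-PwdLastSet $u.pwdLastSet
                # badPwdCount and the last bad attempt time are kept per DC (not replicated),
                # so they show which DC is rejecting the logons.
                BadPwdCount    = $u.badPwdCount
                LastBadAttempt = $u.LastBadPasswordAttempt
                LockedOut      = $u.LockedOut
                Error          = $null
            }
        } catch {
            # An unreachable DC is itself a finding, so record it rather than skip it.
            [pscustomobject]@{
                DC = $dc.HostName; PwdLastSetUtc = $null; BadPwdCount = $null
                LastBadAttempt = $null; LockedOut = $null; Error = $_.Exception.Message
            }
        }
    }
}

$state = @(Get-UserPasswordStatePerDC -SamAccountName 'jdoe')   # placeholder account name
$state | Format-Table -AutoSize

# pwdLastSet is replicated: after convergence every DC should report the same value.
$values = @($state | Where-Object { -not $_.Error } |
            ForEach-Object { "$($_.PwdLastSetUtc)" } | Sort-Object -Unique)
if ($values.Count -gt 1) {
    Write-Warning "pwdLastSet differs between DCs: $($values -join ' | ')"
}
```

Run it once right after the admin reset and again right after the user's own change from the workstation; if `PwdLastSetUtc` does not advance on any DC after the second step, the change never reached AD.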