0

I'm very new to network administration so please bear with me. I recently set up a new Dell server for a company, running Windows Server 2016, to act as a file server. We are also running Active Directory for the first time from this server.

I believe I have configured everything correctly since I am able to connect to the server and log into it. The problem I am having is that when I set up all the employee accounts, I checked a box that says that the next time a user logs in, change the password. Obviously, to minimize security risk. This problem below occurs: click

I know this problem has been shown here before, but what makes mine different I believe, is that I'm not doing any sort of RDP, I'm just mapping a network drive. That's it. I'm not try to remote into anything or any of the sort and I'm just trying to wrap my head around what could be going on.

What is causing the problem and how can I fix it?

Harry Johnston
  • 5,875
  • 4
  • 35
  • 52
DsDude
  • 11
  • 1
  • 1
  • 2
  • 2
    Putting the file server in its own domain is a curious choice, and pretty much the underlying cause of your problem; can you expand on why you set it up this way? – Harry Johnston Feb 28 '19 at 21:00
  • I figured it was going to be the fact that I put the file server in its own domain, the reason why I did that is because I was having trouble figuring out how to add it to the network domain, if you could point me to the right direction I'd be thankful. – DsDude Feb 28 '19 at 21:30
  • @HarryJohnston I don't think we initially had a domain controller until we installed this dell server, we initially have two appe mac mini servers that we were using and decided to upgrade to a Dell server using windows 2016, so I'm confused on how it wouldve been set up, is there any way to just start from scratch using the dell server as the main server and domaincontroller? – DsDude Feb 28 '19 at 22:00
  • That's a different scenario than the one I was imagining. So you've got an ad-hoc network, and the users are just logging into local accounts on their individual machines? You need to provide some way for the users to change their passwords on the file server. How many users are we talking about, and are they all in a single building or what? – Harry Johnston Feb 28 '19 at 23:20
  • We are talking about 50 users and they are in a single building.Yes, the users log into their own accounts on the individual machines, they map to the network drive to be able to access files on the server. – DsDude Mar 01 '19 at 14:55
  • Hi, I've edited your question to include some of this detail and to better conform to Stack Exchange conventions. You can roll back the change if you don't like it, and/or edit the question again yourself. (I changed the title because Stack Exchange uses words in square brackets to indicate the status of the question, e.g., `[Closed]` to indicate a question that has been closed, so there was some risk of confusion.) Welcome to Server Fault, by the way! – Harry Johnston Mar 01 '19 at 22:10

2 Answers2

4

Many methods of authenticating don't handle the case were a password needs to be changed, so they don't offer an interface to enter both the old password and a new one. You'll want to have your users use one of the mechanisms that do support this. Two that I know of are:

  • Log in locally, with the credentials that need to be changed, to the console of a machine that they have rights to. (It sounds like you are using this as a file server, so they probably don't have rights to log in interactively. And they probably don't have physical access.)
  • Be logged in with some other credentials (to a machine in the same domain or a trusted domain), hit Ctrl+Alt+Del, choose Change a password..., then enter the username for the account they want to change the password for, and then enter the old password and the new password (twice, for confirmation).
Doug Deden
  • 1,796
  • 6
  • 10
0

We are talking about 50 users and they are in a single building.Yes, the users log into their own accounts on the individual machines, they map to the network drive to be able to access files on the server.

In this scenario, your best bet to get everything going reasonably quickly is to take the simple approach. Put a machine in your office - or in someone else's office, if you don't have an office in the same building - add it to the domain, get the users to come in whenever it is convenient for them, log in with their initial domain password, then change it. Or it might be quicker to use your own machine, logged in with admin privilege, and get each person to type in the password they want to use directly into the "reset password" dialog.

In the longer run the business might want to consider whether it is worth moving to a domain model where all the user's machines are in the domain and they only have the one domain account. This might be done either piecemeal, as individual machines are replaced, or all at once, although the latter has the potential to be quite disruptive to the users. With only 50 users I'm not sure how the cost/benefit ratio of Active Directory turns out, perhaps someone with more experience dealing with organizations of this size can comment on this aspect.

Harry Johnston
  • 5,875
  • 4
  • 35
  • 52