Hi,
Good day to all. I have an ADAM synchronising its proxy-user from an AD.
After changing the password on an XP client logged on to the AD (with or without a restart), both the old and new passwords can still be used to LDP into the ADAM.
1. Though there are many DCs in my AD, replication is ruled out, as the phenomenon remains after a forced replication on all the DCs.
2. AD-ADAM sync is also ruled out, as after performing a manual synchronisation (via the XML stuff), the symptom persists. In addition, it is a proxy-user, so authentication is referred to the AD DCs, right?
3. On my XP client, I had also renewed the Kerberos tickets via "klist.exe purge" and "klist.exe tgt".
I had come across a MS NTLM behaviour issue, something to do with "OldPasswordAllowedPeriod" - http://support.microsoft.com/kb/906305
I would like to know if I need to change this setting on an AD-DC?
Do I need to do anything more on the ADAM configuration sets or anything at all?
I would appreciate it if anyone who has come across this could provide some advice to me. Thanks.
Have a nice day.