#104861 - 2003-09-19 04:25 PM
Changing Cached Domain Account Password
|
MaestroG
Fresh Scripter
Registered: 2002-12-30
Posts: 28
Loc: Tulsa, OK
|
I am using the ADSI ChangePassword method of changing the domain password with KixTart. My problem is with our VPN connected users who disconnect their VPN session before logging off. They end up having to logon to their (disconnected) PC with their old domain password and connect to VPN (the domain) with their new one. This is confusing and causes resource and access problems in the long run. Apparently, the ADSI method works and changes their password, but does not update the associated cached account password on the local system. The only thing I know of that will change both is running CTRL-ALT-DEL and clicking the Change Password button. If the VPN user is connected and then do it this way, it changes both, but we want to call it and control it in a script.
Does anyone know how to update the cached domain account password so I can change it when I do the ADSI domain password change?
Many thanks for your help.
G
|
|
Top
|
|
|
|
#104863 - 2003-09-19 04:36 PM
Re: Changing Cached Domain Account Password
|
MaestroG
Fresh Scripter
Registered: 2002-12-30
Posts: 28
Loc: Tulsa, OK
|
Sorry LLigetfa for the typo...I seem to do that every time I post. You'd think I'd get tired of the whiplash I always get and learn. ![[Smile]](images/icons/smile.gif)
The VPN client does not integrate with the MSGina. They have to logon first and run the VPN Client.
|
|
Top
|
|
|
|
|
#104865 - 2003-09-19 04:45 PM
Re: Changing Cached Domain Account Password
|
MaestroG
Fresh Scripter
Registered: 2002-12-30
Posts: 28
Loc: Tulsa, OK
|
Figured as much, but was hoping one of these scripting geniuses would know how or be able to figure it out. ![[Confused]](images/icons/confused.gif)
KiXtart still Rules! ![[Big Grin]](images/icons/grin.gif) (BTW, good advice...I know I'll remember next time)
|
|
Top
|
|
|
|
#104867 - 2003-09-19 05:19 PM
Re: Changing Cached Domain Account Password
|
MaestroG
Fresh Scripter
Registered: 2002-12-30
Posts: 28
Loc: Tulsa, OK
|
Wisely stated! I feel the same way. It's our HelpDesk group that is the squeeking wheel here saying that too many calls will be produced to handle if it is not fully automated.
Hey, I've just about done everything I can. I think it's gonna come to that after all. ![[Wink]](images/icons/wink.gif)
|
|
Top
|
|
|
|
|
#104870 - 2003-09-19 06:50 PM
Re: Changing Cached Domain Account Password
|
MaestroG
Fresh Scripter
Registered: 2002-12-30
Posts: 28
Loc: Tulsa, OK
|
Shawn, Tried both with no luck. I think I may open a case with Microsoft. There has got to be a way to kick off that golden code that sync's the cached password with the domain password. It does it at logoff (if you are still connected). It also does it when you do a Change Password from CTRL-ALT-DEL.
Thanks everyone. I'll let you know if I find an answer outside of this site. In the meantime, keep the ideas coming. ![[Cool]](images/icons/cool.gif)
|
|
Top
|
|
|
|
|
#104871 - 2003-09-19 07:23 PM
Re: Changing Cached Domain Account Password
|
Shawn
Administrator
Registered: 1999-08-13
Posts: 8611
|
stand by ... want you to try something ...
Bryce and I whipped up this little c-program that actually calls the win32 api for changing the password, before you call MS, might want to give it a try:
http://www.isorg.net/kix_tools/
look for changepass.zip, in there a sml util called:
CPWD.EXE
that works like this:
shell '%comspec% /c cpwd @domain @userid $oldpass $newPass > nul'
Worth a shot, might force the cache to reset but not overly hopefull.
-Shawn
[ 19. September 2003, 19:28: Message edited by: Shawn ]
|
|
Top
|
|
|
|
|
#104872 - 2003-09-19 09:20 PM
Re: Changing Cached Domain Account Password
|
MaestroG
Fresh Scripter
Registered: 2002-12-30
Posts: 28
Loc: Tulsa, OK
|
Right now, it keeps telling me wrong current password. I'm trying to figure out why right now since I have verified my current password. I'll keep trying unless you know something I don't and I'll post again later if I get it working or not.
G
|
|
Top
|
|
|
|
|
#104876 - 2003-09-19 10:49 PM
Re: Changing Cached Domain Account Password
|
MaestroG
Fresh Scripter
Registered: 2002-12-30
Posts: 28
Loc: Tulsa, OK
|
This is true...we're on an NT domain, but the clients are XP. Can this tool be used for NT domains? BTW, Chris, did you overcome the problem or was the fix AD?
Still telling me wrong current password.
G
|
|
Top
|
|
|
|
|
#104880 - 2003-09-19 11:19 PM
Re: Changing Cached Domain Account Password
|
MaestroG
Fresh Scripter
Registered: 2002-12-30
Posts: 28
Loc: Tulsa, OK
|
Actually, I'm just trying it on my XP and 2K workstations in the LAN first to see if the change password works before I try it with a laptop over VPN. I can pretty much duplicate the behavior also by changing the password and then pulling the NIC cable and then logging off. If I can't log back on with the new password, I know the cache wasn't updated. This is essentially what is happenening in our scenario when you break it down anyway.
I'm not sure why this API tool wouldn't work. Are their any dependencies or some other preparation I should know about or do?
G
|
|
Top
|
|
|
|
Moderator: Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 987 anonymous users online.
|
|
|
![[Frown]](images/icons/frown.gif){kind=icon}
