Account Unlocks and Manual Password Expirations Are Not Replicated Urgently (306133)
The information in this article applies to:
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
This article was previously published under Q306133 SYMPTOMS
Several attributes of an Active Directory user account determine whether a user can log on to the domain, and whether the user's password must be changed. Because of latency in Active Directory replication, the logon behavior for a user may not always be predictable.
CAUSE
Attributes that affect the user logon process include:
- LockoutTime: When an account becomes locked, the LockoutTime attribute is set to the time and date (with a UTC timestamp) of the event (this is typically zero). The new value is then replicated urgently in a site. When the account is unlocked, the attribute is again set to zero, but this change is not replicated urgently.
- PwdLastSet: The User Must Change Password At Next Logon setting sets the PwdLastSet attribute to zero. This indicates that the user should be prompted to change the password before the user can log on. After a user changes his or her password, this attribute stores the UTC time when the password was changed. Changes to this value are not replicated urgently or pushed to the primary domain controller.
- Password Attributes: When these attributes are modified by a password-change operation, or by a password-reset operation (by an administrator or by a user who has been delegated the right to perform such an operation), these attributes are pushed to the primary domain controller but are not replicated urgently.
RESOLUTIONTo resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name
------------------------------------------------------
08-Oct-2001 18:28 5.0.2195.44 123,664 Adsldp.dll
08-Oct-2001 18:28 5.0.2195.43 130,832 Adsldpc.dll
08-Oct-2001 18:28 5.0.2195.40 62,736 Adsmsext.dll
08-Oct-2001 18:28 5.0.2195.43 364,816 Advapi32.dll
08-Oct-2001 18:28 5.0.2195.41 133,904 Dnsapi.dll
08-Oct-2001 18:28 5.0.2195.43 91,408 Dnsrslvr.dll
08-Oct-2001 18:29 5.0.2195.44 529,168 Instlsa5.dll
08-Oct-2001 18:28 5.0.2195.44 145,680 Kdcsvc.dll
04-Oct-2001 21:00 5.0.2195.44 199,440 Kerberos.dll
04-Sep-2001 09:32 5.0.2195.42 71,024 Ksecdd.sys
27-Sep-2001 15:58 5.0.2195.44 511,248 Lsasrv.dll
06-Sep-2001 18:31 5.0.2195.43 33,552 Lsass.exe
27-Sep-2001 15:59 5.0.2195.42 114,448 Msv1_0.dll
08-Oct-2001 18:28 5.0.2195.41 312,080 Netapi32.dll
08-Oct-2001 18:28 5.0.2195.43 370,448 Netlogon.dll
08-Oct-2001 18:28 5.0.2195.44 912,656 Ntdsa.dll
08-Oct-2001 18:28 5.0.2195.44 387,856 Samsrv.dll
08-Oct-2001 18:28 5.0.2195.41 111,376 Scecli.dll
08-Oct-2001 18:28 5.0.2195.44 299,792 Scesrv.dll
08-Oct-2001 18:28 5.0.2195.40 50,960 W32time.dll
01-Aug-2001 21:44 5.0.2195.40 56,592 W32tm.exe
08-Oct-2001 18:28 5.0.2195.44 125,712 Wldap32.dll
06-Sep-2001 18:31 5.0.2195.43 507,152 Lsasrv.dll
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.
Modification Type: | Minor | Last Reviewed: | 9/26/2005 |
---|
Keywords: | kbHotfixServer kbQFE kbbug kbfix kbSecurity kbWin2000PreSP3Fix kbWin2000sp3fix KB306133 |
---|
|