Why user can use the last two passwords log on exchange server

The environment: Windows Server 2003 Enterprise with sp1 + Exchange Server 
2003 Enterprise with sp1

If user change the password via iisadmpwd, and the user can access the mail 
via OWA or Outlook with the last two password. But if i enable the Form 
Authentication, user must type the lasted password to access the mail via 
OWA, but Outlook also can use the last tow passwords.
0
ClarionLi (2)
7/17/2005 7:03:03 PM
exchange.admin 57650 articles. 2 followers. Follow

2 Replies
605 Views

Similar Articles

[PageSpeed] 48

The only reason the user would be able to use the last two passwords would 
be that there is a delay in replicating the password change.  When a user 
changes a password (in any way, not just through OWA) the change is made on 
the currently selected domain controller, and then it's quickly transferred 
to the domain's PDC emulator FSMO role holder.  If you try to log on with 
the old password connecting to a domain controller that doesn't have the 
changed password, you'll be allowed to.  If you try to log on with the new 
password, the server will check with the PDC emulator to see if the password 
has been changed, and you'll be authenticated.

So, I would suggest that you check to ensure that your AD replication is 
working properly.
-- 
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"

"Clarion Li" <ClarionLi@discussions.microsoft.com> wrote in message 
news:021E031A-D9EE-4BC0-8AC3-A32A181F684A@microsoft.com...
> The environment: Windows Server 2003 Enterprise with sp1 + Exchange Server
> 2003 Enterprise with sp1
>
> If user change the password via iisadmpwd, and the user can access the 
> mail
> via OWA or Outlook with the last two password. But if i enable the Form
> Authentication, user must type the lasted password to access the mail via
> OWA, but Outlook also can use the last tow passwords. 


0
curspice6401 (3487)
7/19/2005 8:43:41 PM
Thanks for your response!
But, the OWA placed on the unique PDC. I follow the step of 
http://support.microsoft.com/kb/267568/ and it's can't work, and i found that 
After 1 hour from the password has been changed user can only login with the 
lasted password.


"Ed Crowley [MVP]" wrote:

> The only reason the user would be able to use the last two passwords would 
> be that there is a delay in replicating the password change.  When a user 
> changes a password (in any way, not just through OWA) the change is made on 
> the currently selected domain controller, and then it's quickly transferred 
> to the domain's PDC emulator FSMO role holder.  If you try to log on with 
> the old password connecting to a domain controller that doesn't have the 
> changed password, you'll be allowed to.  If you try to log on with the new 
> password, the server will check with the PDC emulator to see if the password 
> has been changed, and you'll be authenticated.
> 
> So, I would suggest that you check to ensure that your AD replication is 
> working properly.
> -- 
> Ed Crowley
> MVP - Exchange
> "Protecting the world from PSTs and brick backups!"
> 
> "Clarion Li" <ClarionLi@discussions.microsoft.com> wrote in message 
> news:021E031A-D9EE-4BC0-8AC3-A32A181F684A@microsoft.com...
> > The environment: Windows Server 2003 Enterprise with sp1 + Exchange Server
> > 2003 Enterprise with sp1
> >
> > If user change the password via iisadmpwd, and the user can access the 
> > mail
> > via OWA or Outlook with the last two password. But if i enable the Form
> > Authentication, user must type the lasted password to access the mail via
> > OWA, but Outlook also can use the last tow passwords. 
> 
> 
> 
0
ClarionLi (2)
7/20/2005 2:53:01 AM
Reply:

Similar Artilces:

find action on log file
Hello there I want to use outside tool to find who made some update on table in my server I know that there are many tools for this. But can they do it on simple recovery model? Roy Goldhammer (royg@yahoo.com) writes: > I want to use outside tool to find who made some update on table in my > server > > I know that there are many tools for this. But can they do it on simple > recovery model? No. If you are using the simple recovery model, the contents of the log is wasted away everyonce in a while. Well, if the disk area has not been overwritten...

Voice connector on Exchange server 2007.
Is there any functionality available in exchange server 2007 regarding voice connector? If not how can we create it? Thanks in advance. Ashwin Exchange 2007 has the "Universal Messaging" role which is intended for this purpose. Do you have a PBX? -- Ed Crowley MVP - Exchange "Protecting the world from PSTs and brick backups!" "Microsoft Exchange 2007 command shell" <MicrosoftExchange2007commandshell@discussions.microsoft.com> wrote in message news:FAE20A61-AD17-4218-90C2-9356CA90B2A0@microsoft.com... > Is there any functionality available in exch...

Reporting from Project Server
I dont know if i need to ask this question here or in the Access section. I have an ODBC connection to the Project Server database so I can make reports through Access. Access' limit of 255 fields per table is causing me some trouble. for example, the MSP_VIEW_PROJ_PROJECTS_ENT table has well over 255 fields. Access only shows me the first 255 fields. how can I change that so I can see all the fields in that table? thanks, Hadi Hadi, I have not tried this yet it may be a viable option. Have your DBA create a view that pulls the key fields to this table and the specifi...

Using Relative path for XML data file?
Is there a way to specify a relative path to an XML data file imported into Excel 2003? I am writing a web app that generates report data as XML for the user to download to their local machine. This data is to be consumed by an Excel reporting spreadsheet, which contains display-formatted tables and charts that are mapped to various data fields in an XML Map, which is in turn linked to the xml data file they will download. The idea is the user only needs to download the data for updates, not the whole spreadsheet. However, since I cannot predict the path where the user will store their...

password protection paramenters
Hello, I want to be able to unprotect my sheet, add a wordart graphi and reprotect my sheet. The problem I am having is when I do this wit code the file is protected with the default parameters selected. I wan to be able to enable wordart so I can insert a wordart object and the protect the sheet again. I want to get around the user being able to just delect the added wor art. When protected I would like the following parameters to be set: Allow users to select locked cells select Unlocked cells format cells format rows Its the "edit objects" parameter that needs to be enabled fo...

How to suppress repeating password prompts and scope pre-emption?
Outlook (2003,2007, perhaps other versions also) has an absolutely enraging feature seemingly devised to intentionallly cause major distress and anguish on the parts of its users, to wit: Whenever an email account provider computer decides the account has been open too long and requests a new logon, (ATT/Yahoo) or an account was never able to log on in the first place (bad password) a window periodically pops up and the keyboard entry goes directly into the password field with no warning. I am often typing an email etc. and find that the previous paragraph of text, some of i...

Reading SQL Server Extended Properties
I have an Access 2003 front-end (mdb/mde) connected to a SQL Server 2000 back-end. SQL Server 2000 offers the ability to add extended properties (such as a caption, for example) to objects (tables, columns, etc.) using a stored procedure called sp_AddExtendedProperty, along with the ability to retrieve the values of these extended properties via a function named fn_ListExtendedProperty. With fn_ListExtendedProperty, four columns can be returned/selected using a Select statement: objtype, objname, name and value. The first three columns returned are of datatype sysname, whil...

Formula without using numbers after decimal in the answer
I have a formula that derives the answer from a figure with a decimal. I don't want to use the figures after the decimal. Is there a way to just use the whole number and omit the numbers after the decimal without having to manually key in all these numbers manually? Thanks, Mustang You can use the INT function. This 'rounds down' any number to th nearest integer, e.g. if A1=2.567, a formula in B2 of =INT(A1) return 2 HTH Bruc -- swatsp0 ----------------------------------------------------------------------- swatsp0p's Profile: http://www.excelforum.com/member.php?...

Is anyone an expert with outlook that I can call on the phone?
How do I share calenders between outlook and my MSN Premier account? Assuming you are using the outlook connector, you need to set the msn account to be the default message store then outlook will use the msn calendar as the default. -- Diane Poremsky [MVP - Outlook] Outlook Tips: http://www.outlook-tips.net/ Outlook & Exchange Solutions Center: http://www.slipstick.com Outlook Tips by email: mailto:dailytips-subscribe-request@lists.outlooktips.net EMO - a weekly newsletter about Outlook and Exchange: mailto:EMO-NEWSLETTER-SUBSCRIBE-REQUEST@PEACH.EASE.LSOFT.COM You can access this...

explanation of codes in Visual Basic when creating User form
Hi, I am trying to create a user form in Visual Basic however I'm trying to teach myself by reading/watching tutorials. (www.contectures.o.ca, etc) A lot of the instructions I am seeing simply give the code rather than explain how to actually write one from scratch. So... I need to know what each 'term' means so I can understand how the codes work. Any help is much appreciated :) One of the first codes is for the Add button Private Sub cmdAdd_Click() Dim iRow As Long Dim ws As Worksheet Set ws = Worksheets("PartsData") What d...

Disable Secure Sockets Layer on exchange server when using RPC over HTTP
Hi im trying to enable RPC over HTTP to enable users to establish contact to my Excahger server 2003 over the internet. Now, I dont want to use SSL (security not that important) and i am told by this article that i can disable SSL in windows registry. Quote: Note While RPC over HTTP does not require Secure Sockets Layer, you must modify the registry to enable RPC over HTTP if you do not want to use Secure Sockets Layer. Microsoft recommends that you enable and require Secure Sockets Layer for your RPC over HTTP communications. At this address: http://support.microsoft.com/?id=833401 But i ...

Filters not working in Exchange 2003
I have been trying to turn on the Recipient, Connection, and Sender filters. I have gone to the Default SMTP Virtual Server and turned it on there without getting an error but when I go to the Properties and add senders to block and the hit Apply, it tells me that I must manually turn the filtering on in the SMTP VS. I have stopped and started the Default SMTP VS but still no luck. Any ideas? Hi Wayne That is a standard dialog box, it does not check to see if it is already enabled, have you tested the sender filtering? -- Mark Fugatt Microsoft Limited This posting is provided &quo...

Contacts in Exchange #2
We are running Exchange 2003 and Outlook 2003. I have tried to give a user rights to her boss's contacts through delegation and setting the rights on the contacts folder, however, while she has the rights she is unable to add or see her boss's contact folder in her Outlook. She can see it if she runs a search, but can not permanently put it in her list of contact folders. IS there a way that I can accomplish this through the back-end? Thanks, Joseph rapoport jrapoport@insurmark.net ...

will CRM load on a 2003 server?
will CRM load on a 2003 server? Microsoft CRM v1.2 supports Windows 2000/2003 Server. Frank Lee Workopia, Inc. >> Other Microsoft CRM Online Forum Resources: http://www.workopia.com/Links.htm >-----Original Message----- >will CRM load on a 2003 server? >. > No problem. We just completed a 1.2 installation on a 2003 server, without any problems. Brian Demoe "Troy Hicks" <tlhicks@nc.rr.com> wrote in message news:03dd01c3dcb2$93653a00$a501280a@phx.gbl... > will CRM load on a 2003 server? CRM 1.2 will also load on Small business server 2003 as wel...

Users ability to Manage Groups
When a users goes to the properties of a distribution group in outlook, they are able to use the modify members option, however as far as i can tell they don't have permissions to do this in AD. Does anyone have any ideas as to how to narrow down what is allowing this or how to disallow this ability? Thanks Matthew Loraditch On Fri, 23 Sep 2005 09:07:16 -0400, "Matthew Loraditch" <mloradites AT Yahoo DOT Com> wrote: >When a users goes to the properties of a distribution group in outlook, they >are able to use the modify members option, however as far as i can...

Redirect Exchange 2000 IS backup to different Exchange 2003 server
I recently added an Exchange 2003 server to the same org as a 2000 server. I have dbs from the 2000 server that I need to restore to retrieve email from a user whose mailbox was moved to 2003. So I need to restore the db for that mailbox from BEFORE it was moved because when you move mailboxes you lose any deleted items that were being saved by retention policy. Is this possible? I'm using Veritas Backup Exec 10 but nothing in their support KB seems to follow this exact scenario. If it helps, the old Exch 2000 server is currently empty of users and is ready to be uninstalled. W...

using the journal on outlook
Once I link an email to the journal, can I still find that email in my mail box? I seem to be able to get to it only via the journal. If this is the way it is supposed to be, how do I remove it from the journal and get it back into my mail box? Am I just missing something? -- thanks, Independent Are you linking to the item or putting a copy into the journal item? Also, has the item been archived or not? "Independent" <Independent@discussions.microsoft.com> wrote in message news:868279F2-53C8-403A-97F5-604CEECD873C@microsoft.com... > Once I link an email to the journ...

Exchange 2007 Content Conversion/Encoiding issue.
Hello I have an Exchange 2007 RTM box running in a Windows 2003 only domain. When we scan a document from our Dell 1815n multifunction and have the output emailed, the document shows up as encoded garble instead of an attached document. A message header from a bad email is below. When we scan a document from the same device and send it to a mailbox that still lives on our last remaining Exchange 2003 server, the output from the scanner is attached as a PDF document normally. Any ideas? Thanks Michael Buckley Header from email recieved to Exchange 2007: (server names and I...

Access to User Calendar
I have a user called small conference room that is used to schedule meetings on its calendar. I would like to link the calendar from our intranet site to the calendar with a UNC path. I am calling outlook: and I can get to my local mailbox and public folders but I am unable to connect to another users calendar. I am running Exchange 2003 and Outlook 2003. Is there some security modifications that need to be done? Any help is appreciated. Thanks, Steve I believe that you will need full mailbox rights. -- Ed Crowley MVP - Exchange "Protecting the world from PSTs and brick backups!&...

Are Exchange 2003 OWA Backups necessary
Is there a real need to backup OWA with the DR option available with Exchange 2003? There are no stores running on this box. -- Thanks Paul Paul, I am not sure I understand the question. OWA is just away of accessing your mailbox via a web browser, so by backing up the Exchange servers hosting the mailboxes you are backing up what you can see ia OWA. When you state that "there are no stores running on this box", what box are you reffering to ? Is it a front-end server ? Regards Paul Ford Edge IT Ltd "Paul Bergson" <pbergson@allete_nospam.com> wrote in...

Terminal Server and GP Settings
Not being a Windows Terminal Server expert by any definition, I have a question for somebody who is. When wanting to have a user profile to store individual dex.ini files, my understanding is that each user would have his own Windows folder under their user folder. Additionally, if you typed SET at a command prompt, the settings for WINDIR would point to that user-specific Windows folder. Is this thinking correct? -- Charles Allen, MVP I think you also have to make certain that the dex.ini does NOT exist in the program install location for GP or it will still look to that. Dwight...

Let me use the Line Color icon on charts
It would speed up a lot of my work if I could use the Line Color icon on Excel charts, the same way I am able to use the Fill Color and Font Color icons. However, when I highlight any chart object, like the Plot Area, Chart Area, or a Series, the Line Color icon is disabled. -- Stuart Bratesman, Jr., MPP Muskie School of Public Service Univ. of Southern Maine Portland, Maine ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If ...

Can I share entities in migration process?
The entities in CRM have only one owning user. If I want=20 who a user see a entity of another user, the entity must=20 be shared with this user.=20 Well, I want migrate entities who must be shared with some=20 users. Exists a way to do it? Thank you for pay attention and sorry my bad english. []'s Vin=EDcius Pitta Lima de Ara=FAjo ...

Can't do adjustment in analytical accounting
I am trying to change an analytical assignmnet through the Edit Analysis. When I try and change it, I receive an error stating "The Code of this Transaction Dimension cannot be adjusted". Has anyone seen this before? I have done similar changes many times, but I don't know why I can't now. Any insight would be helpful. Thanks, KJ Hi KJ What version of Gp are you running? I haveseen this happen in 8 but one of the service packs fixed it. (I think it was SP 4 or 5) Fliehigh "KJ" wrote: > I am trying to change an analytical assignmnet through the Edit >...

Sent emails not logged in Sent Items (Outlook 2010)
I am using the Beta version of Outlook 2010 with Windows 7 Pro (64 bit). Sent emails are not logged in the Sent Items folder nor do saved drafts appear in the Drafts folder. I have confirmed that the relevant settings are checked in the Mail Settings. Any ideas what I can do to solve this problem? -- Stephen Newton "snewton" <snewton@discussions.microsoft.com> wrote in message news:F7345EA6-9E42-4DF7-AFA5-AD2DF2CA840D@microsoft.com... >I am using the Beta version of Outlook 2010 with Windows 7 Pro (64 bit). > Sent emails are not logged in the Sent I...