Tony (Guest)
Posted: Tue Oct 11, 2005 12:50 am
Post subject: A way to NOT force password change after password migration

I'm using ADMT 2 password migration. Is there a way to NOT force a password
change after password migration? I would like to see our users be able to
continue to use their old password in the short term following their
migration and expire them out in smaller numbers.
Thanks
Tony

Ada Pan [MSFT] (Guest)
Posted: Tue Oct 11, 2005 8:51 am
Post subject: RE: A way to NOT force password change after password migrat

Hello Tony,
I have successfully performed a password migration test and would like to
list the following factors:
If the NT/user password does not meet the password policy in win2k3 domain,
the user can use the original password at the first logon but will be forced
to change the password.
If the NT/user password meets the password policy in win2k3 domain, he can
continue to use the password in win2k3 domain.
If the original NT/user account is disabled, you can enable them during the
ADMT migration process. (I remember one cu has asked this question)
I would like to list the brief steps below to migrate the password:
1. Make sure a two-way trust is established.
2. Refer to the following article to perform the password migration
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/804a418a-e8d4-473d-8517-264c87293fd2.mspx
3. When you insert the floppy disk on win2k3, use the command below:
admt key "vpcdomain" "a:"
4. Put the disk into the NT PDC and run pwdmig.exe. In case you encounter the
problem that "NT need high encryption pack installed", you can then
download the pack from the link below:
Internet Explorer High Encryption Pack
http://www.microsoft.com/windows/ie/downloads/recommended/128bit/default.mspx
5. Refer to ADMT help with the topic "password migration" to change the
win2k3 domain security policy
6. When you run ADMT to migrate the account, you can now specify the PES server
(NT PDC) to migrate the password.
Hope it helps.
Regards,
Ada Pan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Tony (Guest)
Posted: Tue Oct 11, 2005 4:51 pm
Post subject: RE: A way to NOT force password change after password migrat

Hi Ada,
Your answer is correct. We actually figured out last night that we had
password complexity turned on in the default policy. We turned that off and
the passwords came across just fine.
Just one thing to add for the benefit of someone that might read this
later...You only need to turn off password complexity during the migration of
the passwords. You can turn it back on immediately following the password
migration and they will still work just fine. Apparently the password
complexity is not enforced until the next password change.
Thanks for the help
Tony

Ada Pan [MSFT] (Guest)
Posted: Wed Oct 12, 2005 12:50 pm
Post subject: RE: A way to NOT force password change after password migrat

Hi Tony,
I am glad to hear you have figured out this issue and appreciate your great
experience sharing. It is very helpful for others to benefit from the
thread.
If you encounter any issues on server migration, feel free to post here.
It's always our pleasure to be of assistance.
Regards,
Ada Pan
Microsoft Online Partner Support
|
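
Added example, not part of the original thread: one way to do what the thread arrives at, which is to confirm password complexity is back on after the migration and then require password changes in small batches instead of all at once. It assumes the ActiveDirectory PowerShell module (not mentioned in the thread) is available on the management host; the OU path, completion date and batch size are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical OU that received the migrated accounts
    [string]$SearchBase = 'OU=Migrated,DC=target,DC=example',
    # Time the ADMT password migration finished (constructed sample value)
    [datetime]$MigrationCompleted = '2005-10-11T00:00:00',
    # How many accounts to flag per run
    [int]$BatchSize = 25
)

# Complexity must be re-enabled before anyone is asked to pick a new
# password, otherwise the new password is not checked against it.
$policy = Get-ADDefaultDomainPasswordPolicy
if (-not $policy.ComplexityEnabled) {
    throw 'Password complexity is disabled in the default domain policy; re-enable it first.'
}

# A password last set before the migration finished is still the migrated one.
# PasswordLastSet is $null for accounts already flagged to change at next logon.
# Accounts with PasswordNeverExpires are skipped: they cannot be flagged.
$pending = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
        -Properties PasswordLastSet, PasswordNeverExpires |
    Where-Object {
        $_.PasswordLastSet -and
        $_.PasswordLastSet -lt $MigrationCompleted -and
        -not $_.PasswordNeverExpires
    } |
    Sort-Object SamAccountName

# Flag only the next batch; rerun later for the following batch.
$batch = $pending | Select-Object -First $BatchSize
foreach ($user in $batch) {
    if ($PSCmdlet.ShouldProcess($user.SamAccountName, 'Require password change at next logon')) {
        Set-ADUser -Identity $user -ChangePasswordAtLogon $true
    }
}

# Summary so each run shows how many migrated passwords are still in use.
[pscustomobject]@{
    PendingBefore = @($pending).Count
    Selected      = @($batch).Count
    Remaining     = @($pending).Count - @($batch).Count
}
```

Run it with `-WhatIf` first to see which accounts the next batch would contain without changing them.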