Aug 02 2024 11:28 AM
I am using Server Next Preview Build 26257. It is a domain controller. I only have the one AD account which I created to do the evaluation. The account password expired today. When I attempt to change it at login, I enter the new password twice as required and hit Enter, but it sends me back and says "The password for this account has expired" with an OK button.
If I try again I get the same result. If I purposely type a mismatch for the new PW it does acknowledge that.
Has anyone else seen this? I can't think of a workaround.
Aug 04 2024 07:40 AM
Aug 09 2024 03:43 PM
Aug 11 2024 06:46 AM
SolutionAug 12 2024 12:15 PM
@Joachim_Otahal That's very helpful, so thanks for asking the question.
It's been years since I set up an AD domain from scratch. Apparently when I created this domain for evaluation, I had to set a password for the built-in Administrator account. By default the built-in Administrator's password doesn't expire, so I was able to log on with that account. As it turns out that did give me second account to use after all.
This solves my issue of not being able to log on, but more importantly this has got to be a bug. I used the Administrator account to reset the other DA account's PW, leaving the setting "User must change PW at logon". Essentially the same thing happened: I enter the PW, I get the message that I need to change the PW, but after doing so it simply repeats that I need to change the PW.
Using the Administrator account to reset the PW, unchecking the option to force change at logon, of course gets around that issue.
Aug 13 2024 07:44 AM
Aug 13 2024 07:59 AM
Aug 14 2024 12:40 AM
I just ran into this issue as well. DCs are Server 2025 build 26100.1150, with Server 2025 forest functional level.
Definitely a server-side DC issue, and anyone unlucky to not have another admin account at hand to reset the password is gonna have a bad time.
Aug 14 2024 01:29 AM
Aug 14 2024 01:32 AM
Aug 14 2024 02:07 AM
I did use the DOMAIN\SamAccountName format (both on a remote machine as well as on the DC's local console). However, I've done it this way before upgrading the domain to 2025 as well, and don't recall running into issues doing it this way (the account is not part of "Protected users").
Aug 14 2024 12:46 PM
Aug 11 2024 06:46 AM
Solution