本文从http://hi.baidu.com/vincekwok/blog/item/05e05e2cbde02fe78a13991b.html转载
现象: 原因: 而为什么会存在一个5分钟的时间,应该是由发起密码更改的那台DC,为旧密码开启了一个最后生存时间,而这个时间,就是5分钟整.这个5分钟就是为了防止AD同步延时问题,防止DC数量比较多时,用户登录所在的站点内还没有成功的更新到密码的修改的情况。这样,即使新密码没有生效,旧密码依然可用。 解决方法: http://support.microsoft.com/kb/906305/en-us There is the way to fix it by modifying the Windows Registry according to the kb above. But I still strongly recommend the customer to contact Microsoft Technical Support to confirm this.
站点内DC同步时间默认五分钟一次
############################################################################### How to change the lifetime period of an old passwordImportant This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756
(http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa
To do this, follow these steps:
|