In the last month or so, My users are getting error messages when they try
and change their password of the forms:

"Your Windows account has been set to force a password change upon initial
login. You do not have rights to change your password. Contact your System
Administrator." (this is new users, as we set a standard PW, then force them
to change it upon first login)


"Your password has expired. You do not have rights to change your
password." (this is existing users, having to change their password every
90 days)

We're running NWC 4.9w/SP2 and latest patches, NW 4.11w/SP9 (I know, I
know), ZFD 3.2w/SP2, and ADS 2003. This happens on both WinXPProw/SP2 and
Win2KProw/SP4 both with latest MS patches.

It's ONLY happening to those users that have the NWC installed, not if they
only have a plain Windows login.

It seems to be beginning to happen to ALL our users, as those that have come
up to the 90 day PW change interval (only forced by ADS, we don't use PW
restrictions, other than size (8), in NDS) are getting this message. Users
with Administrator Rights on their own computers are not having a problem.

Our Help Desk staff CAN change the PW's manually, but...that's starting to
be a pain, and we have a LOT of users at the end of their 90 day PW change
in early Jan.

In looking this up on Google, this ONLY seems to be happening when the NWC
is involved, not a "Windows message"...

Only two things I know of that we did are:

1. We recently (end of November) upgraded from Exchange 5.5 to Exchange
2003. At that time, I think some changes were made Nationally so that the
email address ( as well as the normal ADS account (which
we have set identical in NDS, Tree structure, account name, password)
(vhadenbradlwd) can be used to login with. But...our users are still using
the normal ADS account, which would sync with the NDS least

2. We had an issue with the Exchange Migration program used to migrate the
mailboxes working with clients older than 4.9w/SP2, so, had to use ZFD and
ACU to upgrade those with lower client versions. What was pushed out was
the exact same version as was being installed on new computers, though.

It's not clear if this is ONLY happening with those who were upgraded, or,
to all existing clients.

I kinda think that this is really a synchronization problem, caused by the
ability to use an email address to login with, but, am not sure.

Any ideas?