Domain password reset results in account locked out.
I have posted here before so this may sound familiar. I work for a small company that has several locations throughout the U.S. We currently have the following setup for our domain:
DC/Exchange1 running Exchange 2003 on Windows Server 2003 32bit.
Exchange2 running Exchange 2007 on Windows Server 2008 64bit.
We are migrating users from DC/Exchange1 to Exchange 2 in order to release Outlook 2013 company wide. We have approximately 30 users at our corporate office that are joined to the domain. We also have about 200 users throughout the other locations that have AD accounts in order to have a mailbox but are not using computers on the domain. We have created a new OU in AD for the Corporate users and computers. The DC/Exchange1 is located in the OU called Domain Controllers. The other servers on the domain are located in the OU Servers. I have moved the corporate users and computers to the new OU appropriately. Not all of these people have been migrated to the new Exchange2 server. We tried to implement a domain password policy that makes them change their password every 90 days with a 3 tries and you're locked out policy. Some of them haven't changed their password for several years and they immediately had to do so. I had them log out of their computer, change their password, and log in with the new one. They immediately got the message that their account was locked out. My partner in IT whose mailbox is currently on Exhange2 got the error. He noticed that when he checked his account on DC/Exhange1 it was NOT showing locked out. However the AD on Exchange2 was showing locked out for his account. What we would like is:
User able to change password at login prompt and forget it.
Password would sync with other Exchange server seamlessly.
None of the users in question log in to more than one computer and the ones that have had issues do NOT use mail on their cell phones.
We have turned off the policy for now until we get this straightened out. Can anyone help us with this issue as to why the servers aren't syncing?
I appreciate any help you can give me. And please understand I am not a network technician or engineer. This is my first foray into Exchange and my director is not familiar with Exchange 2007. Any help in easy to understand language is definitely appreciated.