Why can't I use my user principal name to change my password if the Global Catalog is unavailable?

A. In Windows 2000, users have a user principal name (UPN)—e.g., [email protected]—as well as the usual down-level SAM name—e.g., savillj. If you change your password using the down-level SAM username, the change works fine, even if the Global Catalog (GC) isn't available. If you change your password using your UPN and the GC isn't available, you receive the following error message if the account is in the parent domain:

The user name or old password is incorrect. Letters in passwords must be typed using the correct case. Make sure the Caps is not accidentally on.

Or, you receive the following error message if the account is in the child domain:

Unable to change the password on this account due to the following
1359: An internal error occurred
Please consult your system administrator.

To confirm that the GC's absence is the problem, use the following command to find your logon server:

echo %logonserver%

When you find the logon server, check the directory-service event log for the following event:

Event 1126 Unable to establish connect with global catalog

To fix this problem, you need to ensure that the GC is available. You need the GC to change passwords using your UPN because domains store information only about their local domain, whereas the GC includes information about objects in the entire forest. Thus, the GC must be available when you use the UPN, unless you have only one domain.
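
The check described above, scripted in PowerShell as an added example that is not part of the original article: it reads the logon server, searches that server's Directory Service log for event 1126, and goes one step beyond the article by testing whether the GCs published in DNS answer on the global catalog port (3268). The forest name `example.com` and the 24-hour look-back window are placeholders, and the script assumes PowerShell 4.0 or later with rights to read the domain controller's event log remotely.

```powershell
# Added example, not from the original article. Assumes PowerShell 4.0+ on
# Windows 8.1 / Server 2012 R2 or later and rights to read the DC's event log.
param(
    [string]$ForestDnsName = 'example.com',  # placeholder: forest root DNS name
    [int]$HoursBack = 24                     # assumed look-back window
)

# Same value as "echo %logonserver%", without the leading backslashes.
$logonServer = $env:LOGONSERVER.TrimStart('\')
Write-Output "Logon server: $logonServer"

# Step 1: look for event 1126 in the Directory Service log on that server.
$filter = @{
    LogName   = 'Directory Service'
    Id        = 1126
    StartTime = (Get-Date).AddHours(-$HoursBack)
}
try {
    $events = @(Get-WinEvent -ComputerName $logonServer -FilterHashtable $filter -ErrorAction Stop)
} catch {
    # Get-WinEvent raises an error when nothing matches; treat that as "none".
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() }
    else { throw }
}
Write-Output "Event 1126 occurrences in the last $HoursBack h: $($events.Count)"
$events | Select-Object -First 5 |
    ForEach-Object { Write-Output "  $($_.TimeCreated)  $($_.ProviderName)" }

# Step 2 (beyond the article): find the forest's GCs through the _gc._tcp SRV
# records and test the global catalog LDAP port (3268) on each one.
$gcs = @(Resolve-DnsName -Name "_gc._tcp.$ForestDnsName" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' })
if ($gcs.Count -eq 0) {
    Write-Warning "No _gc._tcp SRV records found for $ForestDnsName."
}
foreach ($gc in $gcs) {
    $reachable = Test-NetConnection -ComputerName $gc.NameTarget -Port 3268 -InformationLevel Quiet
    Write-Output "GC $($gc.NameTarget): port 3268 reachable = $reachable"
}
```

A non-zero event count together with unreachable GCs points to the condition the article describes; password changes with the down-level SAM name should still succeed in that state.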
