Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Extending password expiration in AD

Posted on 2010-08-17
9
Medium Priority
?
3,209 Views
Last Modified: 2012-05-10
I'm having a somewhat confusing issues with AD password. Now my question is this.....

A user password is already expired. Now, can I as an admin go in and negate this expiration and maybe extend it for another 30 days so that the user can still keep on using the same password? OR, will the password need to be reset?

Note that I'm talking about normal circumstances. Nothing about changing the last password value or any other fancy ways. This is just through AD users and computers snap in.
0
Comment
Question by:edniso
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 3

Expert Comment

by:mchieff
ID: 33461635
once it is expired it needs to be reset
depending on your group polcy for passwords, you can reset it to be the same if you like
0
 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 33461673
You can open the properties of the user and check the "Password never expires" box; if you don't want to think about having to manually uncheck the box again after 30 days or whenever, you can create a scheduled task (running with a user with the necessary AD permissions) for the expiration date that will disable the property again:
dsmod user "cn=SomeUser,ou=SomeOU,dc=domain,dc=local" -pwdneverexpires no
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 500 total points
ID: 33461739
That's right, if you want to use expired password longer, the only option is to set "Password never expires" checkbox in user's profile. Additionally, maybe your domain password policy is adequate? You can set longer expiration time in "Default Domain Policy" Computer Configuration -> Windows Settings -> Security Settings Account Policies -> Password Policies

But remember this policy affects all users in your domain. If you use 2003 (as I guess for zone assignement) as DC this is mandatory for whole domain users, in 2008 you can additionally use granular password policies

http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part-1.html
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:edniso
ID: 33461768
iSiek: So what you are saying is that if a password is already expired, I can go in and check "Password never expires" and it will negate the expiry and the user will be able to use the old password?
0
 
LVL 85

Expert Comment

by:oBdA
ID: 33461831
Yes, enaling "Password never expires" will even work after the password has expired.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33461851
That's right. But it will take effect only if a user didn't change password.
0
 

Author Comment

by:edniso
ID: 33471989
Thanks everyone. I can only do it as domain admin (or) will an account operator have the ability to extend the expiration as well?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33472234
Basicaly, only domain admins.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33472237
Sorry, wrong answer(I didn' realize that it is other post). You should be able to do that as account operator :)
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question