Solved

Extending password expiration in AD

Posted on 2010-08-17
9
2,839 Views
Last Modified: 2012-05-10
I'm having a somewhat confusing issues with AD password. Now my question is this.....

A user password is already expired. Now, can I as an admin go in and negate this expiration and maybe extend it for another 30 days so that the user can still keep on using the same password? OR, will the password need to be reset?

Note that I'm talking about normal circumstances. Nothing about changing the last password value or any other fancy ways. This is just through AD users and computers snap in.
0
Comment
Question by:edniso
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 3

Expert Comment

by:mchieff
ID: 33461635
once it is expired it needs to be reset
depending on your group polcy for passwords, you can reset it to be the same if you like
0
 
LVL 85

Accepted Solution

by:
oBdA earned 125 total points
ID: 33461673
You can open the properties of the user and check the "Password never expires" box; if you don't want to think about having to manually uncheck the box again after 30 days or whenever, you can create a scheduled task (running with a user with the necessary AD permissions) for the expiration date that will disable the property again:
dsmod user "cn=SomeUser,ou=SomeOU,dc=domain,dc=local" -pwdneverexpires no
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 125 total points
ID: 33461739
That's right, if you want to use expired password longer, the only option is to set "Password never expires" checkbox in user's profile. Additionally, maybe your domain password policy is adequate? You can set longer expiration time in "Default Domain Policy" Computer Configuration -> Windows Settings -> Security Settings Account Policies -> Password Policies

But remember this policy affects all users in your domain. If you use 2003 (as I guess for zone assignement) as DC this is mandatory for whole domain users, in 2008 you can additionally use granular password policies

http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part-1.html
0
Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

 

Author Comment

by:edniso
ID: 33461768
iSiek: So what you are saying is that if a password is already expired, I can go in and check "Password never expires" and it will negate the expiry and the user will be able to use the old password?
0
 
LVL 85

Expert Comment

by:oBdA
ID: 33461831
Yes, enaling "Password never expires" will even work after the password has expired.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33461851
That's right. But it will take effect only if a user didn't change password.
0
 

Author Comment

by:edniso
ID: 33471989
Thanks everyone. I can only do it as domain admin (or) will an account operator have the ability to extend the expiration as well?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33472234
Basicaly, only domain admins.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33472237
Sorry, wrong answer(I didn' realize that it is other post). You should be able to do that as account operator :)
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question