• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 988
  • Last Modified:

Windows AD: Password Status: Expired

In Windows AD, when a password has expired, does that allow a user to log in and change his password?

I ask because I am trying to determine if having an account disabled is the same as having an account enabled with an expired password.

Thanks.
0
NYGiantsFan
Asked:
NYGiantsFan
  • 2
1 Solution
 
Krzysztof PytkoActive Directory EngineerCommented:
Yes, expires password means only that user cannot use it anymore. The next time he/she types it, system will force password change and user will be still able logging into domain.

When you want to disallow user logging, you need to disable the account. This is only supported case for that.

Another option is temporary account where it is expiring. Account expires and then it cannot be used anymore. But expired password is not secure in that meaning

Regards,
Krzysztof
0
 
NYGiantsFanAuthor Commented:
Thanks... Do you have any documentation reinforcing that by chance?  thanks
0
 
Krzysztof PytkoActive Directory EngineerCommented:
You're welcome :) Unfortunately, no. This is based only on my own experience :)
... and this is working as designed :)

Krzysztof
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now