Windows AD: Password Status: Expired

In Windows AD, when a password has expired, does that allow a user to log in and change his password?

I ask because I am trying to determine if having an account disabled is the same as having an account enabled with an expired password.

1 Solution
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
Yes, an expired password means only that the user cannot use it anymore. The next time he/she types it, the system will force a password change and the user will still be able to log in to the domain.

When you want to disallow a user from logging in, you need to disable the account. This is the only supported case for that.

Another option is a temporary account that expires. The account expires and then it cannot be used anymore. But an expired password is not secure in that sense.

NYGiantsFan, Author, Commented:
Thanks... Do you have any documentation reinforcing that by chance? Thanks
Krzysztof Pytko, Senior Active Directory Engineer, Commented:
You're welcome :) Unfortunately, no. This is based only on my own experience :)
... and this is working as designed :)
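
An added example, not part of the original thread: a Python classifier that tells apart the three states discussed above (disabled account, expired account, expired password) from raw directory attribute values. The attribute names and the `ACCOUNTDISABLE` flag are Active Directory's; the function names, account names and sample values are constructed for illustration, and the order of the checks is this example's choice.

```python
from datetime import datetime, timedelta, timezone

ACCOUNTDISABLE = 0x0002             # userAccountControl bit: account disabled
NEVER = 0x7FFFFFFFFFFFFFFF          # FILETIME sentinel for "never"
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_filetime(dt):
    """datetime -> 100 ns intervals since 1601-01-01 UTC (AD FILETIME)."""
    return (dt - EPOCH) // timedelta(microseconds=1) * 10

def is_past(filetime, now):
    """True if a FILETIME lies at or before `now`; NEVER is never past."""
    return filetime != NEVER and EPOCH + timedelta(microseconds=filetime // 10) <= now

def sign_in_state(entry, now):
    """Classify one account; the check order is this example's choice."""
    if int(entry["userAccountControl"]) & ACCOUNTDISABLE:
        return "disabled"
    acct = int(entry["accountExpires"])
    if acct != 0 and is_past(acct, now):    # 0 also means "never expires"
        return "account-expired"
    # A computed expiry of 0 means pwdLastSet is 0 (change at next logon).
    if is_past(int(entry["msDS-UserPasswordExpiryTimeComputed"]), now):
        return "password-expired"
    return "active"

def entry(uac, account_expires, password_expires):
    """Build a constructed sample entry with string values, as LDAP returns."""
    return {"userAccountControl": str(uac),
            "accountExpires": str(account_expires),
            "msDS-UserPasswordExpiryTimeComputed": str(password_expires)}

NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)    # fixed clock for the sample
PAST = to_filetime(NOW - timedelta(days=7))
FUTURE = to_filetime(NOW + timedelta(days=30))
SAMPLE = {                                          # constructed accounts
    "alice": entry(512, NEVER, FUTURE),   # normal account
    "bob":   entry(514, 0, PAST),         # 512 | ACCOUNTDISABLE
    "carol": entry(512, 0, PAST),         # password aged out
    "dave":  entry(512, PAST, FUTURE),    # account expiry date passed
    "erin":  entry(512, 0, 0),            # must change password at next logon
}

def audit(entries, now=NOW):
    """Map each account name to its state."""
    return {name: sign_in_state(e, now) for name, e in entries.items()}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An account reported as `password-expired` is still enabled, which is the distinction the question asks about.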

Question has a verified solution.
