[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 600
  • Last Modified:

Domain Admin Password reset

I would like  to know if there is a setting in GPO, that enables Domain Admins to reset their password  when expired and they try to logon to the domain.

for instance: I got a reminder pop up few days before my domain admin password expired, but did not change it..it hapened that I was off for few days and then when I came back, my password was already expired, and the other domain admin who works there was not in the office yet.
For a regular user password, even after it is expired, I can login to my workstation and will still let me type old password the new password, then be able to login but for the domain admin account, it did not.
how do I make the domain admin account prompts for old and new password o change it after it is expired
0
jskfan
Asked:
jskfan
  • 3
  • 3
4 Solutions
 
irweazelwallisCommented:
there shouldn't be anything stopping it creating a new password, as the process is the same when you change before its expired.

we can't log onto RDP sessions because we use NLA to authenticate and that won't do it with expired credentials
0
 
jskfanAuthor Commented:
I don't understand your point about RDP:

Do you mean if I logon directly to the console instead of RDP, it will prompt me to enter old/new password, but if I am using RDP, it will not ??/
0
 
SmightyCommented:
Just try to log on a client computer (or with OWA if it is published externally).
You should get a message stating "your password needs to be changed".

Just to clarify, did you set an expiration date to your Account? If yes, you may have blocked using your account until another Adminstrator unlocks your Account.

I recommend to create another user with a very strong password that all of your admins should know and use in an 'emergency' (like this).
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
irweazelwallisCommented:
i haven't tried with RDP console but if you try a normal RDP sessions onto 2008R2 with an expired password it won't let as NLA doesn't like the expired password.

if you log on locally - as in physically at the workstation then its fine and then prompts you for a password change


Smighty has a good workaround but that only works if you have a mailbox attached to you Domain Admin account, which you probably wouldn't
0
 
jskfanAuthor Commented:
how do you RDP as just logging at the console ?
mstsc /console ?
0
 
irweazelwallisCommented:
That or mstsc /admin which works on 2008r2 and RDS
0
 
jskfanAuthor Commented:
Thank you
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now