Domain Admin Password reset

Posted on 2013-01-12
Last Modified: 2013-01-30
I would like  to know if there is a setting in GPO, that enables Domain Admins to reset their password  when expired and they try to logon to the domain.

for instance: I got a reminder pop up few days before my domain admin password expired, but did not change hapened that I was off for few days and then when I came back, my password was already expired, and the other domain admin who works there was not in the office yet.
For a regular user password, even after it is expired, I can login to my workstation and will still let me type old password the new password, then be able to login but for the domain admin account, it did not.
how do I make the domain admin account prompts for old and new password o change it after it is expired
Question by:jskfan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 18

Accepted Solution

irweazelwallis earned 375 total points
ID: 38769912
there shouldn't be anything stopping it creating a new password, as the process is the same when you change before its expired.

we can't log onto RDP sessions because we use NLA to authenticate and that won't do it with expired credentials

Author Comment

ID: 38769955
I don't understand your point about RDP:

Do you mean if I logon directly to the console instead of RDP, it will prompt me to enter old/new password, but if I am using RDP, it will not ??/

Assisted Solution

Smighty earned 125 total points
ID: 38769957
Just try to log on a client computer (or with OWA if it is published externally).
You should get a message stating "your password needs to be changed".

Just to clarify, did you set an expiration date to your Account? If yes, you may have blocked using your account until another Adminstrator unlocks your Account.

I recommend to create another user with a very strong password that all of your admins should know and use in an 'emergency' (like this).
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

LVL 18

Assisted Solution

irweazelwallis earned 375 total points
ID: 38769993
i haven't tried with RDP console but if you try a normal RDP sessions onto 2008R2 with an expired password it won't let as NLA doesn't like the expired password.

if you log on locally - as in physically at the workstation then its fine and then prompts you for a password change

Smighty has a good workaround but that only works if you have a mailbox attached to you Domain Admin account, which you probably wouldn't

Author Comment

ID: 38772239
how do you RDP as just logging at the console ?
mstsc /console ?
LVL 18

Assisted Solution

irweazelwallis earned 375 total points
ID: 38772880
That or mstsc /admin which works on 2008r2 and RDS

Author Closing Comment

ID: 38836424
Thank you

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question