Domain Admin Password reset

Posted on 2013-01-12
Last Modified: 2013-01-30
I would like  to know if there is a setting in GPO, that enables Domain Admins to reset their password  when expired and they try to logon to the domain.

for instance: I got a reminder pop up few days before my domain admin password expired, but did not change hapened that I was off for few days and then when I came back, my password was already expired, and the other domain admin who works there was not in the office yet.
For a regular user password, even after it is expired, I can login to my workstation and will still let me type old password the new password, then be able to login but for the domain admin account, it did not.
how do I make the domain admin account prompts for old and new password o change it after it is expired
Question by:jskfan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 18

Accepted Solution

irweazelwallis earned 375 total points
ID: 38769912
there shouldn't be anything stopping it creating a new password, as the process is the same when you change before its expired.

we can't log onto RDP sessions because we use NLA to authenticate and that won't do it with expired credentials

Author Comment

ID: 38769955
I don't understand your point about RDP:

Do you mean if I logon directly to the console instead of RDP, it will prompt me to enter old/new password, but if I am using RDP, it will not ??/

Assisted Solution

Smighty earned 125 total points
ID: 38769957
Just try to log on a client computer (or with OWA if it is published externally).
You should get a message stating "your password needs to be changed".

Just to clarify, did you set an expiration date to your Account? If yes, you may have blocked using your account until another Adminstrator unlocks your Account.

I recommend to create another user with a very strong password that all of your admins should know and use in an 'emergency' (like this).
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

LVL 18

Assisted Solution

irweazelwallis earned 375 total points
ID: 38769993
i haven't tried with RDP console but if you try a normal RDP sessions onto 2008R2 with an expired password it won't let as NLA doesn't like the expired password.

if you log on locally - as in physically at the workstation then its fine and then prompts you for a password change

Smighty has a good workaround but that only works if you have a mailbox attached to you Domain Admin account, which you probably wouldn't

Author Comment

ID: 38772239
how do you RDP as just logging at the console ?
mstsc /console ?
LVL 18

Assisted Solution

irweazelwallis earned 375 total points
ID: 38772880
That or mstsc /admin which works on 2008r2 and RDS

Author Closing Comment

ID: 38836424
Thank you

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Generate a Citrix Login history for a user without having any special tools. 6 53
NTP problem 24 80
How to decline Windows updates with SCCM? 2 60
Local admin account 3 45
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question