Solved

Domain Admin Password reset

Posted on 2013-01-12
7
587 Views
Last Modified: 2013-01-30
I would like  to know if there is a setting in GPO, that enables Domain Admins to reset their password  when expired and they try to logon to the domain.

for instance: I got a reminder pop up few days before my domain admin password expired, but did not change it..it hapened that I was off for few days and then when I came back, my password was already expired, and the other domain admin who works there was not in the office yet.
For a regular user password, even after it is expired, I can login to my workstation and will still let me type old password the new password, then be able to login but for the domain admin account, it did not.
how do I make the domain admin account prompts for old and new password o change it after it is expired
0
Comment
Question by:jskfan
  • 3
  • 3
7 Comments
 
LVL 18

Accepted Solution

by:
irweazelwallis earned 375 total points
ID: 38769912
there shouldn't be anything stopping it creating a new password, as the process is the same when you change before its expired.

we can't log onto RDP sessions because we use NLA to authenticate and that won't do it with expired credentials
0
 

Author Comment

by:jskfan
ID: 38769955
I don't understand your point about RDP:

Do you mean if I logon directly to the console instead of RDP, it will prompt me to enter old/new password, but if I am using RDP, it will not ??/
0
 
LVL 4

Assisted Solution

by:Smighty
Smighty earned 125 total points
ID: 38769957
Just try to log on a client computer (or with OWA if it is published externally).
You should get a message stating "your password needs to be changed".

Just to clarify, did you set an expiration date to your Account? If yes, you may have blocked using your account until another Adminstrator unlocks your Account.

I recommend to create another user with a very strong password that all of your admins should know and use in an 'emergency' (like this).
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 18

Assisted Solution

by:irweazelwallis
irweazelwallis earned 375 total points
ID: 38769993
i haven't tried with RDP console but if you try a normal RDP sessions onto 2008R2 with an expired password it won't let as NLA doesn't like the expired password.

if you log on locally - as in physically at the workstation then its fine and then prompts you for a password change


Smighty has a good workaround but that only works if you have a mailbox attached to you Domain Admin account, which you probably wouldn't
0
 

Author Comment

by:jskfan
ID: 38772239
how do you RDP as just logging at the console ?
mstsc /console ?
0
 
LVL 18

Assisted Solution

by:irweazelwallis
irweazelwallis earned 375 total points
ID: 38772880
That or mstsc /admin which works on 2008r2 and RDS
0
 

Author Closing Comment

by:jskfan
ID: 38836424
Thank you
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now