Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1498
  • Last Modified:

Active Directory Password Never Expires

I have Default Domain policy maximum age 90 days
the Enforced is set "NO"

I have an AD account that has password never expires. However regardless of that the account has expired.

I am not sure why ?

Any help on how to make th password never expires differently than what I have done?

Thanks.
0
jskfan
Asked:
jskfan
  • 7
  • 2
  • 2
  • +1
5 Solutions
 
Paul MacDonaldDirector, Information SystemsCommented:
Are you a Domain Admin?  Because that would do it.
0
 
jskfanAuthor Commented:
yes I am domain Admin.

the account that get expired is a service account...it was set to never Expires but it expired.
0
 
jskfanAuthor Commented:
the service account is member of domain users only
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Seth SimmonsSr. Systems AdministratorCommented:
I have an AD account that has password never expires. However regardless of that the account has expired.

I am not sure why ?

doesn't matter what the password policy is - you said the account itself expired
0
 
jskfanAuthor Commented:
but it is set to never expires
0
 
Paul MacDonaldDirector, Information SystemsCommented:
Sorry, I presumed you meant *your* account never expired.

Is it possible the service account exists in a container where the password policy doesn't apply?  Or is is possible the service account doesn't have permissions to Read the policy?
0
 
jskfanAuthor Commented:
a colleague of mine ran a tool it gave him the password status:
Max password age for svcaccount1 is 90 days
current password age is 91 days 5  hours 45 min
password remains valid for : 44444 days  4 hours 10 min
0
 
jskfanAuthor Commented:
the account is set to "Never expires", so the only way it will expire if the Default domain policy was Enforced, but it is not enforced.
I am not sure what made it expire
0
 
Hypercat (Deb)Commented:
I'm a little confused - what is expiring, the account or the account's password?  These are two different settings.  You can set either one or both of them to never expire. If the password policy is set to require passwords to be changed every 90 days, and you want the account to have a non-expiring password, then you need to check the box in the AD account properties "Password never expires." Is that the box you have checked?
0
 
jskfanAuthor Commented:
<<<If the password policy is set to require passwords to be changed every 90 days, and you want the account to have a non-expiring password, then you need to check the box in the AD account properties "Password never expires." Is that the box you have checked? >>>

Correct..That 's how it was configured.

but for some reason the service account password got expired and the Application service did not run
0
 
Hypercat (Deb)Commented:
Did the service account get locked out?  That is really strange and I've never seen it happen.  Anyway, I'd be inclined to create a new service account, making sure the "Password never expires" box is checked when you create the account, and then set that service to start using the new account.  Also re-check the password policy in the group policy for the OU where the account exists and make sure there aren't any other settings being applied that might override this setting. I normally create a separate OU for administrative and service accounts and set the OU to block inheritance so that other domain policies don't get applied by mistake.
0
 
jskfanAuthor Commented:
Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now