Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Active Directory Password Never Expires

Posted on 2013-11-11
12
1,388 Views
Last Modified: 2013-11-12
I have Default Domain policy maximum age 90 days
the Enforced is set "NO"

I have an AD account that has password never expires. However regardless of that the account has expired.

I am not sure why ?

Any help on how to make th password never expires differently than what I have done?

Thanks.
0
Comment
Question by:jskfan
  • 7
  • 2
  • 2
  • +1
12 Comments
 
LVL 34

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 200 total points
ID: 39639732
Are you a Domain Admin?  Because that would do it.
0
 

Author Comment

by:jskfan
ID: 39639739
yes I am domain Admin.

the account that get expired is a service account...it was set to never Expires but it expired.
0
 

Author Comment

by:jskfan
ID: 39639745
the service account is member of domain users only
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 100 total points
ID: 39639777
I have an AD account that has password never expires. However regardless of that the account has expired.

I am not sure why ?

doesn't matter what the password policy is - you said the account itself expired
0
 

Author Comment

by:jskfan
ID: 39639789
but it is set to never expires
0
 
LVL 34

Assisted Solution

by:Paul MacDonald
Paul MacDonald earned 200 total points
ID: 39639790
Sorry, I presumed you meant *your* account never expired.

Is it possible the service account exists in a container where the password policy doesn't apply?  Or is is possible the service account doesn't have permissions to Read the policy?
0
 

Author Comment

by:jskfan
ID: 39639802
a colleague of mine ran a tool it gave him the password status:
Max password age for svcaccount1 is 90 days
current password age is 91 days 5  hours 45 min
password remains valid for : 44444 days  4 hours 10 min
0
 

Author Comment

by:jskfan
ID: 39639814
the account is set to "Never expires", so the only way it will expire if the Default domain policy was Enforced, but it is not enforced.
I am not sure what made it expire
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 200 total points
ID: 39639886
I'm a little confused - what is expiring, the account or the account's password?  These are two different settings.  You can set either one or both of them to never expire. If the password policy is set to require passwords to be changed every 90 days, and you want the account to have a non-expiring password, then you need to check the box in the AD account properties "Password never expires." Is that the box you have checked?
0
 

Author Comment

by:jskfan
ID: 39640140
<<<If the password policy is set to require passwords to be changed every 90 days, and you want the account to have a non-expiring password, then you need to check the box in the AD account properties "Password never expires." Is that the box you have checked? >>>

Correct..That 's how it was configured.

but for some reason the service account password got expired and the Application service did not run
0
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 200 total points
ID: 39641713
Did the service account get locked out?  That is really strange and I've never seen it happen.  Anyway, I'd be inclined to create a new service account, making sure the "Password never expires" box is checked when you create the account, and then set that service to start using the new account.  Also re-check the password policy in the group policy for the OU where the account exists and make sure there aren't any other settings being applied that might override this setting. I normally create a separate OU for administrative and service accounts and set the OU to block inheritance so that other domain policies don't get applied by mistake.
0
 

Author Closing Comment

by:jskfan
ID: 39642230
Thanks
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question