Avatar of ndalmolin_13
ndalmolin_13Flag for United States of America asked on

I can't set domain admin accounts so that the user cannot change the password

Hello AD Experts,

We have several generic accounts that are being used as service accounts on our domain.  A hand full of these accounts are domain admin accounts (I know this is not a good configuration, but I have to work with it for the time being).  Any ways, I want to set these accounts up so that a user that logs in with the account cannot change the password.  I have tried setting the 'User cannot change password' attribute in Active Directory Users and Computers, but 30 minutes after I select this attribute, something is deselecting it.  I have looked through our GPOs for something that would be deselecting the attribute, but I have not found anything (but I could be looking in the wrong place).  My questions are these:
   1.  What could be causing my selection of this attribute to revert back to the unselected state?

   2.  How can I configure these accounts so that the user cannot change the password?

Thanks in advance for your help.

Nick
Active Directory

Avatar of undefined
Last Comment
ndalmolin_13

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Will Szymkowski

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
ndalmolin_13

Thanks for the link.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck