<div>
<div class="content wysiwyg-content">
Hello AD Experts,<br />
<br />
We have several generic accounts that are being used as service accounts on our domain. &nbsp;A hand full of these accounts are domain admin accounts (I know this is not a good configuration, but I have to work with it for the time being). &nbsp;Any ways, I want to set these accounts up so that a user that logs in with the account cannot change the password. &nbsp;I have tried setting the 'User cannot change password' attribute in Active Directory Users and Computers, but 30 minutes after I select this attribute, something is deselecting it. &nbsp;I have looked through our GPOs for something that would be deselecting the attribute, but I have not found anything (but I could be looking in the wrong place). &nbsp;My questions are these:<br />
&nbsp; &nbsp;1. &nbsp;What could be causing my selection of this attribute to revert back to the unselected state?<br />
<br />
&nbsp; &nbsp;2. &nbsp;How can I configure these accounts so that the user cannot change the password?<br />
<br />
Thanks in advance for your help.<br />
<br />
Nick
</div>
</div>


Hello AD Experts,

We have several generic accounts that are being used as service accounts on our domain.  A hand full of these accounts are domain admin accounts (I know this is not a good configuration, but I have to work with it for the time being).  Any ways, I want to set these accounts up so that a user that logs in with the account cannot change the password.  I have tried setting the 'User cannot change password' attribute in Active Directory Users and Computers, but 30 minutes after I select this attribute, something is deselecting it.  I have looked through our GPOs for something that would be deselecting the attribute, but I have not found anything (but I could be looking in the wrong place).  My questions are these:
   1.  What could be causing my selection of this attribute to revert back to the unselected state?

   2.  How can I configure these accounts so that the user cannot change the password?

Thanks in advance for your help.

Nick

I can't set domain admin accounts so that the user cannot change the password

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.