Solved

Expired accounts

Posted on 2014-01-31
7
218 Views
Last Modified: 2014-02-13
I have a number of accounts with expired passwords in my Active Directory. If I set the 'Never Expires' flag after the password has expired, will I still have to change it?
0
Comment
Question by:albatros99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 22

Expert Comment

by:Patrick Bogers
ID: 39823723
Hi

Never expires can be dangerous and only be used by service accounts with impossible to guess passwords.

But no, if you flag that for a user- or serviceaccount the account will never expire again.
0
 
LVL 3

Author Comment

by:albatros99
ID: 39823732
The question isn't if the account will expire again. The question is if I can continue to use the old password although the account has already expired, simply by checking the flag 'account never expires'.
0
 
LVL 6

Expert Comment

by:Aditya Arora
ID: 39823741
yes you still have to change it one time.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 22

Expert Comment

by:Patrick Bogers
ID: 39823749
Yes you need to reset it once, can be the same as before.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39828044
I have not tested this, but I really not see any need \ good reason to reset password after you set flag to "Password never expires".

Ultimately if you have set account as a service account some where, it will query AD for credentials validity by checking user attribute (userAccountControl value)
In that case its duty of active directory to tell service that account password is expired or not
So, if you set it to non expiring after it expired, it should work

http://technet.microsoft.com/en-us/library/ee198831.aspx

Mahesh
0
 
LVL 3

Author Closing Comment

by:albatros99
ID: 39855916
I have tested this in a lab environment and can confirm that if the password has expired and you set the 'never expires' flag, you can logon again and don't have to change the password.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39855936
Thanks for testing

It is expected behaviour.

Thanks once again, your results would help some body some day in bad situation

Mahesh
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question