[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 230
  • Last Modified:

Expired accounts

I have a number of accounts with expired passwords in my Active Directory. If I set the 'Never Expires' flag after the password has expired, will I still have to change it?
0
albatros99
Asked:
albatros99
  • 2
  • 2
  • 2
  • +1
1 Solution
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Hi

Never expires can be dangerous and only be used by service accounts with impossible to guess passwords.

But no, if you flag that for a user- or serviceaccount the account will never expire again.
0
 
albatros99Author Commented:
The question isn't if the account will expire again. The question is if I can continue to use the old password although the account has already expired, simply by checking the flag 'account never expires'.
0
 
Aditya AroraCommented:
yes you still have to change it one time.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Patrick BogersDatacenter platform engineer LindowsCommented:
Yes you need to reset it once, can be the same as before.
0
 
MaheshArchitectCommented:
I have not tested this, but I really not see any need \ good reason to reset password after you set flag to "Password never expires".

Ultimately if you have set account as a service account some where, it will query AD for credentials validity by checking user attribute (userAccountControl value)
In that case its duty of active directory to tell service that account password is expired or not
So, if you set it to non expiring after it expired, it should work

http://technet.microsoft.com/en-us/library/ee198831.aspx

Mahesh
0
 
albatros99Author Commented:
I have tested this in a lab environment and can confirm that if the password has expired and you set the 'never expires' flag, you can logon again and don't have to change the password.
0
 
MaheshArchitectCommented:
Thanks for testing

It is expected behaviour.

Thanks once again, your results would help some body some day in bad situation

Mahesh
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now