Solved

Expired accounts

Posted on 2014-01-31
7
212 Views
Last Modified: 2014-02-13
I have a number of accounts with expired passwords in my Active Directory. If I set the 'Never Expires' flag after the password has expired, will I still have to change it?
0
Comment
Question by:albatros99
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39823723
Hi

Never expires can be dangerous and only be used by service accounts with impossible to guess passwords.

But no, if you flag that for a user- or serviceaccount the account will never expire again.
0
 
LVL 3

Author Comment

by:albatros99
ID: 39823732
The question isn't if the account will expire again. The question is if I can continue to use the old password although the account has already expired, simply by checking the flag 'account never expires'.
0
 
LVL 6

Expert Comment

by:Aditya Arora
ID: 39823741
yes you still have to change it one time.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 19

Expert Comment

by:Patricksr1972
ID: 39823749
Yes you need to reset it once, can be the same as before.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39828044
I have not tested this, but I really not see any need \ good reason to reset password after you set flag to "Password never expires".

Ultimately if you have set account as a service account some where, it will query AD for credentials validity by checking user attribute (userAccountControl value)
In that case its duty of active directory to tell service that account password is expired or not
So, if you set it to non expiring after it expired, it should work

http://technet.microsoft.com/en-us/library/ee198831.aspx

Mahesh
0
 
LVL 3

Author Closing Comment

by:albatros99
ID: 39855916
I have tested this in a lab environment and can confirm that if the password has expired and you set the 'never expires' flag, you can logon again and don't have to change the password.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39855936
Thanks for testing

It is expected behaviour.

Thanks once again, your results would help some body some day in bad situation

Mahesh
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now