Solved

Expired accounts

Posted on 2014-01-31
7
219 Views
Last Modified: 2014-02-13
I have a number of accounts with expired passwords in my Active Directory. If I set the 'Never Expires' flag after the password has expired, will I still have to change it?
0
Comment
Question by:albatros99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39823723
Hi

Never expires can be dangerous and only be used by service accounts with impossible to guess passwords.

But no, if you flag that for a user- or serviceaccount the account will never expire again.
0
 
LVL 3

Author Comment

by:albatros99
ID: 39823732
The question isn't if the account will expire again. The question is if I can continue to use the old password although the account has already expired, simply by checking the flag 'account never expires'.
0
 
LVL 6

Expert Comment

by:Aditya Arora
ID: 39823741
yes you still have to change it one time.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39823749
Yes you need to reset it once, can be the same as before.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39828044
I have not tested this, but I really not see any need \ good reason to reset password after you set flag to "Password never expires".

Ultimately if you have set account as a service account some where, it will query AD for credentials validity by checking user attribute (userAccountControl value)
In that case its duty of active directory to tell service that account password is expired or not
So, if you set it to non expiring after it expired, it should work

http://technet.microsoft.com/en-us/library/ee198831.aspx

Mahesh
0
 
LVL 3

Author Closing Comment

by:albatros99
ID: 39855916
I have tested this in a lab environment and can confirm that if the password has expired and you set the 'never expires' flag, you can logon again and don't have to change the password.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39855936
Thanks for testing

It is expected behaviour.

Thanks once again, your results would help some body some day in bad situation

Mahesh
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question