Link to home
Start Free TrialLog in
Avatar of corecc
corecc

asked on

Server 2012 user password expires when set not to

Hi Experts, I have set-up a user on my server 2012 DC and set the password not to expire under account properties. The issue I have is the default password policy appears to still be applied and the password keeps expiring.
SOLUTION
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
The issue I have is the default password policy appears to still be applied and the password keeps expiring. two choices remove that user group from the policy that sets the password policy or use fine grained password policy
Avatar of tmoore1962
tmoore1962

Check group policies
The "Password never expires" flag on an individual user account is supposed to take precedence over the default password policy. Are you sure you don't have some other mechanism (like a script that runs every so often) configuring the password-expiration setting on that account?
When expired, is the box "password never expires" still checked? As Dr. Dave said: that box is what rules, the policies (be it the def dom pol or a fine grained whatever pol) DON'T matter.
Avatar of corecc

ASKER

I ran the above command and the password never expires is set to true. The option password never expires is still ticked when the password expires. I can see the built in administrator account password doesn't expire is there a way i can create another built in administrator account? I tried just creating a normal user and adding that user to the same groups but this is the account which has the password problem.
Correcc, something odd is going on. Make sure that your DCs are replicated. Maybe on one DC that account is set to expire and on the other it is not. This has nothing to do with being built-in or not.
As stated already, when you enable "password never expires" this takes precedence over the default domain policy for change password in X number of days.

Will.
Avatar of corecc

ASKER

There is defiantly something odd going on, I only have one DC so its not a replication issue.
Please execute at the dc
net user username
and double check that line "password expires" has the value "never".
Avatar of corecc

ASKER

its set to never
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of corecc

ASKER

It is a domain account, I cant see if it says the password has expired, I connect remotely and every 30 days I cant connect and have to reset the password, then I can connect fine.

I'm going to create a test account and see what happens in 30 days time, I close the question for now, so thanks everyone for your help.