corecc
asked on
Server 2012 user password expires when set not to
Hi Experts, I have set-up a user on my server 2012 DC and set the password not to expire under account properties. The issue I have is the default password policy appears to still be applied and the password keeps expiring.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The issue I have is the default password policy appears to still be applied and the password keeps expiring. two choices remove that user group from the policy that sets the password policy or use fine grained password policy
Check group policies
The "Password never expires" flag on an individual user account is supposed to take precedence over the default password policy. Are you sure you don't have some other mechanism (like a script that runs every so often) configuring the password-expiration setting on that account?
When expired, is the box "password never expires" still checked? As Dr. Dave said: that box is what rules, the policies (be it the def dom pol or a fine grained whatever pol) DON'T matter.
ASKER
I ran the above command and the password never expires is set to true. The option password never expires is still ticked when the password expires. I can see the built in administrator account password doesn't expire is there a way i can create another built in administrator account? I tried just creating a normal user and adding that user to the same groups but this is the account which has the password problem.
Correcc, something odd is going on. Make sure that your DCs are replicated. Maybe on one DC that account is set to expire and on the other it is not. This has nothing to do with being built-in or not.
As stated already, when you enable "password never expires" this takes precedence over the default domain policy for change password in X number of days.
Will.
Will.
ASKER
There is defiantly something odd going on, I only have one DC so its not a replication issue.
Please execute at the dc
net user username
and double check that line "password expires" has the value "never".
net user username
and double check that line "password expires" has the value "never".
ASKER
its set to never
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It is a domain account, I cant see if it says the password has expired, I connect remotely and every 30 days I cant connect and have to reset the password, then I can connect fine.
I'm going to create a test account and see what happens in 30 days time, I close the question for now, so thanks everyone for your help.
I'm going to create a test account and see what happens in 30 days time, I close the question for now, so thanks everyone for your help.