Server 2012 user password expires when set not to

Hi Experts, I have set-up a user on my server 2012 DC and set the password not to expire under account properties. The issue I have is the default password policy appears to still be applied and the password keeps expiring.
LVL 1
coreccAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Have you tried to reset the password after you set the "Password never to expire"?

When you run
get-aduser -identity <username> -properties PasswordNeverExpires | fl

Open in new window


What do you see. Is the PasswordNeverExpires True?

Will.
David Johnson, CD, MVPOwnerCommented:
The issue I have is the default password policy appears to still be applied and the password keeps expiring. two choices remove that user group from the policy that sets the password policy or use fine grained password policy
tmoore1962Commented:
Check group policies
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

DrDave242Senior Support EngineerCommented:
The "Password never expires" flag on an individual user account is supposed to take precedence over the default password policy. Are you sure you don't have some other mechanism (like a script that runs every so often) configuring the password-expiration setting on that account?
McKnifeCommented:
When expired, is the box "password never expires" still checked? As Dr. Dave said: that box is what rules, the policies (be it the def dom pol or a fine grained whatever pol) DON'T matter.
coreccAuthor Commented:
I ran the above command and the password never expires is set to true. The option password never expires is still ticked when the password expires. I can see the built in administrator account password doesn't expire is there a way i can create another built in administrator account? I tried just creating a normal user and adding that user to the same groups but this is the account which has the password problem.
McKnifeCommented:
Correcc, something odd is going on. Make sure that your DCs are replicated. Maybe on one DC that account is set to expire and on the other it is not. This has nothing to do with being built-in or not.
Will SzymkowskiSenior Solution ArchitectCommented:
As stated already, when you enable "password never expires" this takes precedence over the default domain policy for change password in X number of days.

Will.
coreccAuthor Commented:
There is defiantly something odd going on, I only have one DC so its not a replication issue.
McKnifeCommented:
Please execute at the dc
net user username
and double check that line "password expires" has the value "never".
coreccAuthor Commented:
its set to never
McKnifeCommented:
There must be something you don't see.
Is this really a domain account or is it local account with the same name?
Is the message really "your password has expired and must be changed"?
compdigit44Commented:
If you create a new test domain user account and set the password to never expire, do the same issue still happen?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
coreccAuthor Commented:
It is a domain account, I cant see if it says the password has expired, I connect remotely and every 30 days I cant connect and have to reset the password, then I can connect fine.

I'm going to create a test account and see what happens in 30 days time, I close the question for now, so thanks everyone for your help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.