Someone


How to make the old password invalid once I change it in Active Directory

Hello IT people

When I change the password for a user in Active Directory, the user can use the old password for some time. How could I change that so the old password becomes invalid once I change it?

CompProbSolv

"user can use the old password for some time"
Are you saying that the user can continue to be logged in after you change the password or that they are able to log in with the old password after you change it?

Is the computer on the LAN with the DC when they use the old password?

Someone


I mean they are able to log in with the old password after I change it, for some time, let's say for 24 hours.
Yes, the computer is on the LAN.
Hello There

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Someone


Yes, I have multiple DCs, and they replicate without errors. But I'm afraid that I can't restart them for now 😅

I'll check if it is related to the NTLM authentication or not

You need to set password policies in AD to remember the history of passwords and prevent reuse of passwords for the same user: enable the 'Enforce password history' setting.
See Password Policy (Windows 10) - Windows security | Microsoft Docs
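
Added example, not part of the thread: a read-only PowerShell check of the two things raised above, whether every DC holds the same password timestamp for the account and what 'Enforce password history' is currently set to. It assumes the ActiveDirectory module (RSAT) is installed; `jdoe` is a placeholder account name.

```powershell
# Added example: read-only diagnostic, changes nothing in the directory.
# Assumption: ActiveDirectory module (RSAT) is available; 'jdoe' is a placeholder.
param(
    [string]$SamAccountName = 'jdoe'
)

Import-Module ActiveDirectory

# Ask each domain controller for its own copy of the user's password timestamp.
$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                        -Properties PasswordLastSet -ErrorAction Stop
        [pscustomobject]@{
            DomainController = $dc.HostName
            Site             = $dc.Site
            PasswordLastSet  = $u.PasswordLastSet
            Error            = $null
        }
    } catch {
        # An unreachable DC is reported instead of aborting the whole check.
        [pscustomobject]@{
            DomainController = $dc.HostName
            Site             = $dc.Site
            PasswordLastSet  = $null
            Error            = $_.Exception.Message
        }
    }
}

# The most recent timestamp seen on any DC is the reference value.
$newest = ($results | Where-Object PasswordLastSet |
           Measure-Object -Property PasswordLastSet -Maximum).Maximum

# Flag every DC whose copy differs from the newest one (or that could not be queried).
$results |
    Select-Object *, @{ n = 'BehindNewest'; e = { $_.PasswordLastSet -ne $newest } } |
    Sort-Object DomainController |
    Format-Table -AutoSize

# Current domain policy; PasswordHistoryCount is the 'Enforce password history' value.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object PasswordHistoryCount, MinPasswordAge, MaxPasswordAge
```

A DC that shows `BehindNewest = True` right after a reset has not yet received the change, which would let the old password validate against that DC.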