How to extend an expired password on AD

by dakseven, posted in Active Directory, Security, Windows server 2012, Windows server 2012 R2, Windows Server2016

An Active directory account passwords expiring is set by default on 90 Days & no companies barely change that value.

Configuring an AD account with Password Never Expires is not recommended due to security. However, there is a workaround to reset this value. 

To do it so, we will need to fetch the attribute editor. This is only available with “advanced options activated” & scrolling to the correct ou where the user is placed, double-clicking on it and selecting the “attribute editor” section.

 

2017-12-29 16_48_40-atrribute editor pw last set - Google Search

Hence will select the attribute and set it to “0(number)” & save

2017-12-29 16_50_48-atrribute editor pw last set - Google Search.png

Once done ( apply & exit ) We will set again the value into -1

2017-12-29 16_52_05-BIRLEYSVSFS01 - File Server - Exponential-E.png

We will press ok & Apply. Once done. Is like nothing ever happened. The cycle is restored and will not ask for a new password until the 90 days it will show today’s date.

I must say that you better only use this workaround in special scenarios like someone travelling and no phone contact is possible and you want to avoid a bad situation for the user.

Do not use this as a normal procedure to reset the password for security reasons.

 

Advertisement

Published by dakseven

One thought on “How to extend an expired password on AD

  1. Pingback: How to extend an expired password on AD │ Mitteilung2

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.