How to extend an expired password on AD

An Active directory account passwords expiring is set by default on 90 Days & no companies barely change that value.

Configuring an AD account with Password Never Expires is not recommended due to security. However, there is a workaround to reset this value. 

To do it so, we will need to fetch the attribute editor. This is only available with “advanced options activated” & scrolling to the correct ou where the user is placed, double-clicking on it and selecting the “attribute editor” section.


2017-12-29 16_48_40-atrribute editor pw last set - Google Search

Hence will select the attribute and set it to “0(number)” & save

2017-12-29 16_50_48-atrribute editor pw last set - Google Search.png

Once done ( apply & exit ) We will set again the value into -1

2017-12-29 16_52_05-BIRLEYSVSFS01 - File Server - Exponential-E.png

We will press ok & Apply. Once done. Is like nothing ever happened. The cycle is restored and will not ask for a new password until the 90 days it will show today’s date.

I must say that you better only use this workaround in special scenarios like someone travelling and no phone contact is possible and you want to avoid a bad situation for the user.

Do not use this as a normal procedure to reset the password for security reasons.



One thought on “How to extend an expired password on AD

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.