-2

I got a message for a 4724 event, where a domain controller reset the password for a domain computer.

"TargetUserName": "COMP123$"
...
"SubjectUserName": "DC2$"

Why did it happen? Is it normal?

Gudsaf

1 Answer

1

There always seems to be a bit of misunderstanding when it comes to domain-joined (Windows) computers and how/when they update their AD computer object (machine account) passwords.

Here are a few key points:

  • The "default domain policy" setting configures domain-joined Windows 2000 (& up) computers to update their passwords every 30 days (default)
  • Computer password update policy is configured in the Default Domain Policy setting
  • Computers joined to an AD domain have an associated computer account in AD and that account (object) has an associated password
  • This is not "fixed": The computer updates the password when it thinks it needs to, but the domain doesn’t block computer accounts with passwords older than the policy setting
  • The local computer’s Netlogon service handles the machine account password updates, not Active Directory

Or in short:

Is it normal?

Yes, it is.

bjoster
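A triage sketch for 4724 events like the one in the question, added here as an example and not part of the original question or answer: it separates machine-account resets attributed to a known DC at roughly the 30-day interval from ones worth a second look. The `EventID` and `EventTime` field names, the `KNOWN_DCS` inventory, the gap heuristic and all sample events are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample export, one JSON event per line. TargetUserName and
# SubjectUserName appear in the question; EventID and EventTime are assumed names.
SAMPLE = """\
{"EventID": 4724, "EventTime": "2024-01-01T03:00:00", "TargetUserName": "COMP123$", "SubjectUserName": "DC2$"}
{"EventID": 4724, "EventTime": "2024-01-31T03:00:00", "TargetUserName": "COMP123$", "SubjectUserName": "DC2$"}
{"EventID": 4724, "EventTime": "2024-02-03T09:15:00", "TargetUserName": "COMP123$", "SubjectUserName": "DC1$"}
{"EventID": 4724, "EventTime": "2024-02-04T11:00:00", "TargetUserName": "COMP456$", "SubjectUserName": "jdoe"}
{"EventID": 4724, "EventTime": "2024-02-05T08:30:00", "TargetUserName": "alice", "SubjectUserName": "helpdesk1"}
{"EventID": 4720, "EventTime": "2024-02-06T08:30:00", "TargetUserName": "bob", "SubjectUserName": "helpdesk1"}
"""

KNOWN_DCS = {"DC1$", "DC2$"}   # assumption: your own inventory of DC machine accounts
MIN_GAP = timedelta(days=30)   # default update interval named in the answer (heuristic)


def triage(export, known_dcs=KNOWN_DCS, min_gap=MIN_GAP):
    """Return (time, target, subject, verdict) for each 4724 on a machine account."""
    dcs = {name.upper() for name in known_dcs}   # account names are case-insensitive
    events = [json.loads(line) for line in export.splitlines() if line.strip()]
    events = [e for e in events if e.get("EventID") == 4724]
    events.sort(key=lambda e: e["EventTime"])    # same-format ISO strings sort by time
    last_reset, findings = {}, []
    for e in events:
        target, subject = e["TargetUserName"], e["SubjectUserName"]
        if not target.endswith("$"):
            continue                             # user account, not a machine account
        when = datetime.fromisoformat(e["EventTime"])
        previous = last_reset.get(target.upper())
        if subject.upper() not in dcs:
            verdict = "review: reset not attributed to a known DC"
        elif previous is not None and when - previous < min_gap:
            verdict = "review: reset sooner than the rotation interval"
        else:
            verdict = "routine"
        last_reset[target.upper()] = when
        findings.append((e["EventTime"], target, subject, verdict))
    return findings


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="  ")
```

A "review" verdict here is only a prompt to look at the host, for example after a rejoin or a manual account reset; tune `MIN_GAP` to the interval your domain policy actually sets.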