4

On a Windows Server 2008 R2 AD, if you uncheck the account option "Password never expires" on a User Account, does the password expire instantly, or does it get set to the period defined in the Password Policy?

PrometheusDrake

2 Answers

6

The expiration date should be inherited from the domain's policy. The last password modification date is being stored in the attribute pwdLastSet.

So if you uncheck the box there's a slight chance that this user's password is older than your policy defines. Therefore the password might expire.

But you can check password expiration with

net user username

Edit: I think I just found the solution you are looking for. Just set pwdLastSet to -1 and it will store today's date.

Source with a decent VBS script: https://stackoverflow.com/questions/5556806/change-password-expiration-date-in-active-directory-using-vbs

justlovingIT
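
The calculation this answer describes (pwdLastSet plus the policy's maximum password age), as an added PowerShell example that is not part of the answer: it forecasts which accounts would be expired the moment "Password never expires" is cleared. The function name, the account names and the 42-day maximum age are constructed for illustration.

```powershell
# Added example: forecast the effect of clearing "Password never expires".
# Pure calculation on constructed values, so it runs without a domain.
# With the ActiveDirectory module, real inputs would come from
#   Get-ADUser -Filter 'PasswordNeverExpires -eq $true' -Properties pwdLastSet
#   (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
# A fine-grained password policy, if one applies to the user, overrides the domain value.

function Get-PasswordExpiryForecast {   # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)][string]   $SamAccountName,
        [Parameter(Mandatory=$true)][long]     $PwdLastSet,      # raw pwdLastSet value (FILETIME)
        [Parameter(Mandatory=$true)][timespan] $MaxPasswordAge,  # policy maximum password age
        [datetime] $Now = [datetime]::UtcNow
    )
    $expires = $null
    if ($PwdLastSet -eq 0) {
        # pwdLastSet = 0 is "User must change password at next logon"
        $status = 'MustChangeAtNextLogon'
    }
    elseif ($MaxPasswordAge -eq [timespan]::Zero) {
        # A maximum age of 0 means the policy itself never expires passwords
        $status = 'PolicyNeverExpires'
    }
    else {
        # Expiry is derived: time the password was last set plus the maximum age
        $expires = [datetime]::FromFileTimeUtc($PwdLastSet) + $MaxPasswordAge
        if ($expires -le $Now) { $status = 'ExpiredImmediately' } else { $status = 'ExpiresLater' }
    }
    New-Object PSObject -Property @{
        SamAccountName = $SamAccountName
        Status         = $status
        ExpiresUtc     = $expires
    }
}

# Constructed sample data: three accounts and a 42-day policy
$now     = [datetime]::UtcNow
$maxAge  = New-TimeSpan -Days 42
$samples = @(
    @{ Name = 'svc-backup'; PwdLastSet = $now.AddDays(-400).ToFileTimeUtc() },  # older than policy
    @{ Name = 'jdoe';       PwdLastSet = $now.AddDays(-10).ToFileTimeUtc()  },  # within policy
    @{ Name = 'newhire';    PwdLastSet = 0 }                                    # must change at logon
)
foreach ($s in $samples) {
    Get-PasswordExpiryForecast -SamAccountName $s.Name -PwdLastSet $s.PwdLastSet `
        -MaxPasswordAge $maxAge -Now $now | Select-Object SamAccountName, Status, ExpiresUtc
}
```
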
0

You could also use PowerShell as well as dism for this purpose. https://www.itechtics.com/set-windows-local-user-account-passwords-to-never-expire/

And yes, the option will take effect immediately. If you uncheck the option, it will abide by the group policy no. of days before the password expires.

Usman