If the machine was down for a long time, that scavenger thread will not run and the password will not get out of sync in the local store and Active Directory. This is only applicable if the machine is turned off for such a long time. The Netlogon service on the client computer is responsible for doing this. When the computer starts up, it will notice that its password is older than 30 days and will initiate action to change it. So if a computer is turned off for three months nothing expires. As long as no one has disabled or deleted the computer account, nor tried to add a computer with the same name to the domain, (or some other destructive action), the computer will continue to work no matter how long it has been since its machine account password was initiated and changed. It is important to remember that machine account password changes are driven by the CLIENT (computer), and not the AD. They are exempted from the domain's password policy. Question: If a workstation does not change its password, will it not be allowed to log onto the network?Īnswer: Machine account passwords as such do not expire in Active Directory. You can configure this security setting by opening the appropriate policy andĬomputer\Configuration\Windows Settings\Security Settings\Local Policies\Security Options This behavior can be modified to a custom value using the following group policy setting in Active Directory.ĭomain member: Maximum machine account password age
Since Windows 2000, all versions of Windows have the same value. Question: How often does the machine password account change in AD (is it different for various Windows operating systems)?Īnswer: The machine account password change is initiated by the computer every 30 days by default. Ever wondered what goes on with your machine account in Active Directory? Here is a brief set of question and answers to clear things up. Hi, this is Manish Singh from the Directory Services team and I am going to talk about the machine account password process. First published on TechNet on Feb 13, 2009