Cannot Set Password Never Expires

[Guest]

Hi

I need some help regarding a very strange situation. My company has a
singel Active Directory with multiple OU / Domains for each country. One of
my OU's has a very unique situation. The Administrator account for this OU
has it's Password Never Expires Tick Box greyed out. The stange bit is that
all the other accounts have this enabled. I need some help finding out where
I should look to enable this feature. Having to change the Admin password
once a month and not very good practice. Anyone have any ideas where I could
look to reslove this.

 

[Joe Richards [MVP]]

If the box is greyed out, for some reason you don't have access to it.

It is good practice to change the password of any account with admin rights that
is used by people or services more often than you change normal users passwords.

You change passwords for a reason. The reason that applies to users is far more
important for admins.

joe

 

[Guest]

But This is the main Administrator account for the OU. Once the password is
set, it split into to envelopes and lock within a safe.

 

[Joe Richards [MVP]]

Yep in that case, that should be set to non-expiring and then the account is
monitored to see if anyone ever logs on. If someone does, the password gets
changed immediately. Don't depend on people telling you that they used it or
not. Actually watch AD to see.

In the meanwhile, you still don't have access to the account for some reason, I
would recommend looking at the actual ACL on the account.

joe

 

[Cary Shultz [A.D. MVP]]

To jump in here for a second and mention something:

Password policies are set at the Domain-level. When you state that you have
multiple OU / Domains for each country do you mean that you have an OU for
each Country ( so, you have one Domain but have an OU for China, for
Germany, for USA, etc. ) or do you have a Domain for each Country (
china.yourdomain.com, germany.yourdomain.com, usa.yourdomain.com, etc. ) and
there are multiple OUs in each domain?

Does not necessarily have anything to resolving your issue ( it is highly
probably that there is a reason that it is grayed out...and Joe has already
mentioned it ).

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

 

[Guest]

We have one forest with child domains e.g xxx.uk.plc, xxx.france.plc etc...
Each Administrator with their respective countries has full control of their
child domain. Within my child domain my admin account i should have full
access to but it looks like I don't have access. The starnge this was all of
the accounts has the password never expires box greyed out. I want into my
OU and had this changed via GPO. this worked for all of my accounts apart
from the Admin Account. I them moved the Admin account into it's own OU and
did the same thing this failed as well. I am really stumpted with this one.

To jump in here for a second and mention something:

Password policies are set at the Domain-level. When you state that you have
multiple OU / Domains for each country do you mean that you have an OU for
each Country ( so, you have one Domain but have an OU for China, for
Germany, for USA, etc. ) or do you have a Domain for each Country (
china.yourdomain.com, germany.yourdomain.com, usa.yourdomain.com, etc. ) and
there are multiple OUs in each domain?

Does not necessarily have anything to resolving your issue ( it is highly
probably that there is a reason that it is grayed out...and Joe has already
mentioned it ).

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com