password expiration

Guest

I have a Windows 2000 server running Active Directory, and on the
Administrator account for the server, the option to have the password never
to expire is grayed out. I would like to be able to set this option, but it
will not let me. Any help would be appreciated. Thanks.

Jeff
 
Steven L Umbach

I believe that is normal in Windows 2000 in that the built-in administrator
account for the domain can never expire. That account should be configured
with a very complex password and you will just have to remember to change it
periodically. --- Steve
 
Miha Pihler [MVP]

Hi Jeff,

You might not be able to change this using the GUI, but you might be able to
change this value by using Adsiedit.

Here is more information:

How to use the UserAccountControl flags to manipulate user account
properties
http://support.microsoft.com/?id=305144

I hope it helps.
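
An added example, not part of any post in this thread: the "password never expires" checkbox corresponds to the DONT_EXPIRE_PASSWORD bit (0x10000) of userAccountControl, so an LDIF export of that attribute can be audited for accounts that have it set. The sample LDIF, the account names and the function names are constructed for illustration.

```python
# Added example: decode userAccountControl (subset of the documented bits)
# and list accounts whose password is set to never expire.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}
DONT_EXPIRE_PASSWORD = 0x10000

# Constructed sample export; mydomain.com is the placeholder used in the thread.
SAMPLE_LDIF = """\
dn: CN=Administrator,CN=Users,DC=mydomain,DC=com
userAccountControl: 512

dn: CN=svc-backup,CN=Users,DC=mydomain,DC=com
userAccountControl: 66048

dn: CN=olduser,CN=Users,DC=mydomain,DC=com
userAccountControl: 66050
"""

def decode_uac(value):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]

def parse_ldif(text):
    """Yield (dn, uac) per record; folded lines and base64 values are not handled."""
    for record in text.strip().split("\n\n"):
        attrs = {}
        for line in record.splitlines():
            key, sep, val = line.partition(": ")
            if sep:
                attrs[key.lower()] = val.strip()
        if "dn" in attrs and "useraccountcontrol" in attrs:
            yield attrs["dn"], int(attrs["useraccountcontrol"])

def never_expiring(text):
    """Accounts with DONT_EXPIRE_PASSWORD set, with their decoded flags."""
    return [(dn, decode_uac(u)) for dn, u in parse_ldif(text) if u & DONT_EXPIRE_PASSWORD]

def with_never_expires(uac, enabled=True):
    """Value to write back: set or clear only the never-expires bit."""
    return uac | DONT_EXPIRE_PASSWORD if enabled else uac & ~DONT_EXPIRE_PASSWORD

if __name__ == "__main__":
    for dn, flags in never_expiring(SAMPLE_LDIF):
        print(dn, flags)
```

Setting or clearing the single bit, rather than overwriting the whole value, keeps the account's other flags (disabled, normal account and so on) unchanged.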
 
Guest

I want to be able to set the option to have my password never expire. It is
expiring already, every 14 days or so, and the option to set it to never
expire is grayed out.

Jeff
 
Steven L Umbach

OK. Sorry I misunderstood. This method will work but requires that you have
an XP Pro computer on the domain. Assuming you do and it is a known secure
workstation [because you will need to log on as a domain admin], install
adminpak for Windows 2003 and install it on the XP Pro computer. You can
then use the Active Directory command line tools on your Windows 2000
domain. To change the administrator account to never expire use this command
[ dsmod user cn=administrator,cn=users,dc=mydomain,dc=com -pwdneverexpires
yes ]. This example assumes the administrator account is in the default
users container and the domain name is just an example of mydomain.com which
of course you would want to change to your own domain. I personally find the
command line tools very handy in a Windows 2000 domain but if you do not want
to use them then uninstall adminpak from that computer. For example the
command [ dsquery user -stalepwd 40 ] will find all the users that have not
changed their passwords in the last 40 days or you can enumerate all the
groups a user is in directly or also via nesting. The link below explains
more about these commands. --- Steve

http://www.microsoft.com/windowsxp/...using/productdoc/en/DS_command_line_tools.asp
 
Guest

Thanks for the information. That is what I was looking for!

Jeff

 
