"Your password has expired and must be changed"
I guess many of you see this message often on your dev/test/lab machines. Especially when you use them for a long term. So may be wondering how you can disable that annoying expiration of passwords?!
Recently I was told I need to create a blog post about this. I though "Why so? It is so simple to do?!" Well actually for me, as a sysadmin, it is really simple but in fact when it comes to developer side it is not that simple as it looks like. Active Directory Domain Services is a complicated directory service that requires some knowledge to manage it carefully and be in good health.
So if you do your dev environment by yourself you need to know how to manage your Active Directory properly. In this article I will share with you a PowerShell script that will disable the password expiration for all accounts in AD and this message will appear never again :)
But be sure that this machine is fully isolated from your production environment and have no sensitive data inside it because this is a security issue and you don`t want to expose company information to internet!
So let`s go back to the script. This PowerShell script will work only on a machine where AD is promoted (installed). Otherwise you need to connect remotely to the computer hosting this role but that`s another topic that I will discuss in another post.
Here`s the script:
Changing Password Policy
Setting password policy: Password never expire, no min and max password age, no lockout, no password history
#Loading Modules - this will import the libraries needed to operate with the AD objects
#Setting Variables - this will get the current domain name
$forest = (get-addomain).forest
#Setting Password Policy
Set-ADDefaultDomainPasswordPolicy -Identity $forest -PasswordHistoryCount 0 –MinPasswordLength 0 -MinPasswordAge 0 -MaxPasswordAge 0 -LockoutObservationWindow 0 -LockoutThreshold 0
What it actually does? Well this PowerShell script modifies the Group Policy Object with all the default domain policies that applies for all domain members.
You can find more information about each switch and parameter here - http://technet.microsoft.com/en-us/library/ee617251.aspx
Ok guys, hope this is helpful. Will think of some series of blog posts about AD tips and tricks for SharePoint.