Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,252 questions
Hi,
Thank you for posting in our TechNet forum.
Q1: What will happen to computer objects if it is no longer connected to the network for a very long time? Computer accounts need to reset it's password to the domain controller.
A1: The machine account password change is initiated by the computer every 30 days by default. Machine account passwords as such do not expire in Active Directory. They are exempted from the domain's password policy. It is important to remember that machine account password changes are driven by the CLIENT (computer), and not the AD.
As long as no one has disabled or deleted the computer account, nor tried to add a computer with the same name to the domain, (or some other destructive action), the computer will continue to work no matter how long it has been since its machine account password was initiated and changed.
So if a computer is turned off for three months nothing expires. When the computer starts up, it will notice that its password is older than 30 days and will initiate action to change it. The Netlogon service on the client computer is responsible for doing this. This is only applicable if the machine is turned off for such a long time.
If the machine was down for a long time, that scavenger thread will not run and the password will not get out of sync in the local store and Active Directory.
If the machine was unable to communicate with a domain controller for 60 days, then we have a secure channel issue.
For more information, please refer to:
Machine Account Password Process
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/machine-account-password-process/ba-p/396026
Resetting computer accounts in Windows
https://support.microsoft.com/en-us/help/216393/resetting-computer-accounts-in-windows
Q2: What will happen to user accounts if the user is not connected to the network for a very long time and the user account is already expired?
A2: Password expiration and account expiration are two different means to achieve the same goal, that is to prevent someone to log in. However, they are used in different context and for different needs.
When the account expires, you will not be able to use it at all. That said, this is different from the Password Expiration of a user account. In Password expiration, the user will be prompted to change the password, and after that, the user account can be used again as usual.
For more information, please refer to:
https://www.thewindowsclub.com/the-users-account-has-expired-on-windows-10
Q3: What will happen to user accounts if the user is not connected to the network for a very long time and the user password is already expired?
A3: The user will be prompted to change the password, and after that, the user account can be used again as usual.
For more information, please refer to:
http://help.netmotionsoftware.com/support/docs/mobilityxg/1100/help/mobilityhelp.htm#page/Mobility%20Server/config.05.035.html
For any question, please feel free to contact us.
Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.
Best regards,
Anne He