Password reset

Question

Hi All

i have an AD service account and i have 10 Domain Controllers. this service account is used in one of the critical application hosted on a server SVR01. when i click set from command prompt on server SVR01 i can see logonserver as DC01. i want to reset the service account password, i go to DC05 and reset the service account password and i share the service account password to the application owner. the application owner doesn't change to the new password in the application. When will i see the outage in application i.e i have reset the password. how much time will this service account take to check with AD that the password has changed. please guide me.

Answer 1

The password is changed on the local domain controller and the PDC is notified of the change. This article explains the password change process and how the PDC password change notification can be changed, to rely solely on AD replication.

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/password-change-conflict-resolution-function

You can use this post to confirm that the password has been replicated to all DCs, by confirming the meta time and version numbers are the same.

https://nettools.net/troubleshoot-account-lockouts/

Gary.

Answer 2

The new password should work almost immediately. The new password should be replicated immediately to the PDC Emulator. Depending on the link speed the old password could continue to work for a while on remote domain controllers.
https://social.technet.microsoft.com/wiki/contents/articles/4592.how-active-directory-replication-works.aspx

--please don't forget to upvote and Accept as answer if the reply is helpful--