Changing user password in Windows Server 2012 with Active Directory

Changing an AD password

This manual describes how to change a password for a server with Active Directory domain service. For this purpose, open "Start" -> "Administrative Tools" -> "Active Directory Users and Computers"

Changing account password Server 2012 --AD - Start

windows Server 2012 AD - administrative tools

In the new window that appears, open the section containing the name of your domain – in the screenshot this is "example.com" – and click on the "Users" folder.

The list of users will emerge on the left side; select one of the users by name and right click on "Reset Password ..."

windows Server 2012 AD - reset password

In the change password window:

  1. Enter a new password (password must be at least 8 characters)
  2. Check the box "User must change password at the next logon" if required.
  3. Unblock the relevant user account if the user has been locked by the system.

windows Server 2012 AD - type new password

Press "OK". If all the data have been entered correctly, a window will appear confirming successful password change. Let's proceed to the "Password age" function.

AD password age

On the server, the "Password age" function is set to 42 days by default which means that every 42 days your system will require a password change. Where to change or disable this feature is discussed below.

Open "Start" -> "Administrative Tools" -> "Group Policy Management"

windows Server 2012 AD group policy

 The "Group Policy Management" window will open. In the left side block open the tree: "Forest: Your Domain Name" -> "Domains" -> "Your Domain Name" -> "Default Domain Policy"; then select the "Settings" tab in the right side block.

In the "Settings" tab, open the following tabs: "Policies" -> "Windows Settings" -> "Security Settings" -> "Account Policies / Password Policy":

windows Server 2012 AD - max password age

In the "Account Policy / Password Policy" list, right-click on "Maximum Password Age 42 Days" and select "Edit" in the context menu. The "Group Policy Management Editor" will open. In this editor, in the left side block, open the tree: "Computer Configuration" -> "Policies" -> "Windows Settings" -> "Security Settings" -> "Account Policies" -> "Password Policy".

In the right side block "Maximum password age is 42 days"

windows Server 2012 AD - max pass age edit

In the window that opens, set the value "Password age" to 0 or the value you need. "0" tells the system that the "Password age" function is disabled. In such mode, the password age is infinite.

windows Server 2012 AD - age zero

And click on "Apply", that's it.