
PDC machine account password doesn't update

Anonymous
August 5, 2004 3:41:02 AM

Archived from groups: microsoft.public.windowsnt.domain

Hi,
I need to decommission several NT4 domains which still hold active user and computer accounts. I run a script that tells me the password age of machines.
Here is the script: http://hacks.oreilly.com/pub/h/1115

What I saw is that on all domains the password of the PDC is hundreds or over 1000 days old. The passwords of the BDCs and other machines do get changed. I don't see errors in the event logs and everything seems to work normally. These domains have trust relationships to w2000 domains. Does somebody know why this happens? I used the script in a 2003 domain and it worked well. Can I ignore it? Maybe there are more active machine accounts than just the PDCs. I want to delete the old accounts as there are thousands of them.

Please help
Many thanks
Matthias


Anonymous
August 5, 2004 2:43:41 PM

Archived from groups: microsoft.public.windowsnt.domain

I wouldn't think the PDC of the domain would need a machine
account password change for security reasons since it does
have a local writable copy of the SAM database and is the
keeper of all machine account passwords. Netlogon will
cache the old and new password but the actual writable
password is held by the PDC.

"Matthias Jeschke" <Matthias Jeschke@discussions.microsoft.com> wrote in
message news:
> Hi,
> I need to decommission several NT4 domains which still hold active
> user and computer accounts. I run a script that tells me the password age
> of machines.
> Here is the script: http://hacks.oreilly.com/pub/h/1115
>
> What I saw is that on all domains the password of the PDC is hundreds
> or over 1000 days old. The passwords of the BDCs and other machines
> do get changed. I don't see errors in the event logs and everything
> seems to work normally. These domains have trust relationships to
> w2000 domains. Does somebody know why this happens? I used the script in
> a 2003 domain and it worked well. Can I ignore it? Maybe there are more
> active machine accounts than just the PDCs. I want to delete the old
> accounts as there are thousands of them.
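The cleanup problem raised in this thread, as an added PowerShell example that is not part of the original posts or the linked script: it triages machine accounts so that domain controller and trust accounts, whose password age the posts above report as not reflecting activity, are set aside for manual review instead of being deleted on age alone. The sample records, the 90-day cut-off and the function name `Get-MachineAccountTriage` are assumptions made for illustration; the flag values are the standard `UF_*` account-control bits.

```powershell
# Account-control bits (standard UF_* values).
$UF_INTERDOMAIN_TRUST = 0x0800   # trust account for another domain
$UF_WORKSTATION_TRUST = 0x1000   # member workstation or member server
$UF_SERVER_TRUST      = 0x2000   # domain controller (PDC or BDC)

# Constructed sample records, not real data. PasswordAge is in seconds.
$sample = @(
    [pscustomobject]@{ Name = 'PDC01$';   PasswordAge = 1100 * 86400; UserFlags = 0x2000 }
    [pscustomobject]@{ Name = 'BDC01$';   PasswordAge = 3 * 86400;    UserFlags = 0x2000 }
    [pscustomobject]@{ Name = 'WKS0042$'; PasswordAge = 5 * 86400;    UserFlags = 0x1000 }
    [pscustomobject]@{ Name = 'WKS0917$'; PasswordAge = 640 * 86400;  UserFlags = 0x1000 }
    [pscustomobject]@{ Name = 'W2KDOM$';  PasswordAge = 20 * 86400;   UserFlags = 0x0800 }
)

function Get-MachineAccountTriage {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Account,
        [int] $MaxAgeDays = 90   # assumed cut-off; choose one that fits the domain
    )
    foreach ($a in $Account) {
        $ageDays = [int][math]::Floor($a.PasswordAge / 86400)
        if ($a.UserFlags -band $UF_SERVER_TRUST) {
            # Password age is not used as a staleness signal for DC accounts.
            $kind = 'DomainController'; $action = 'ReviewManually'
        } elseif ($a.UserFlags -band $UF_INTERDOMAIN_TRUST) {
            # Deleting a trust account breaks the trust; never automate this.
            $kind = 'DomainTrust'; $action = 'ReviewManually'
        } elseif ($a.UserFlags -band $UF_WORKSTATION_TRUST) {
            $kind = 'Member'
            $action = if ($ageDays -gt $MaxAgeDays) { 'StaleCandidate' } else { 'Keep' }
        } else {
            $kind = 'Unknown'; $action = 'ReviewManually'
        }
        [pscustomobject]@{ Name = $a.Name; Kind = $kind; AgeDays = $ageDays; Action = $action }
    }
}

Get-MachineAccountTriage -Account $sample | Format-Table -AutoSize
```

Disabling the `StaleCandidate` accounts for a period before deleting them gives any machine that is still in use a chance to surface.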