PDC machine account password doesn't update

Archived from groups: microsoft.public.windowsnt.domain

Hi,
I need to decommission several NT4 domains which still hold active user and computer accounts. I run a script that tells me the password age of machines.
Here is the script: http://hacks.oreilly.com/pub/h/1115

What I saw is that on all domains the password of the PDC is hundreds or over 1000 days old. The passwords of the BDCs and other machines do get changed. I don't see errors in the event logs and everything seems to work normally. These domains have trust relationships to w2000 domains. Does somebody know why this happens? I used the script in a 2003 domain and it worked well. Can I ignore it? Maybe there are more active machine accounts than just the PDCs. I want to delete the old accounts as there are thousands.

Please help
Many thanks
Matthias
  1. I wouldn't think the PDC of the domain would need a machine
    account password change for security reasons since it does
    have a local writable copy of the SAM database and is the
    keeper of all machine account passwords. Netlogon will
    cache the old and new password but the actual writable
    password is held by the PDC.

    "Matthias Jeschke" <Matthias Jeschke@discussions.microsoft.com> wrote in
    message news:
    > Hi,
    > I need to decommission several NT4 domains which still hold active
    > user and computer accounts. I run a script that tells me the password age
    > of machines.
    > Here is the script: http://hacks.oreilly.com/pub/h/1115
    >
    > What I saw is that on all domains the password of the PDC is hundreds
    > or over 1000 days old. The passwords of the BDCs and other machines
    > do get changed. I don't see errors in the event logs and everything
    > seems to work normally. These domains have trust relationships to
    > w2000 domains. Does somebody know why this happens? I used the script in
    > a 2003 domain and it worked well. Can I ignore it? Maybe there are more
    > active machine accounts than just the PDCs. I want to delete the old
    > accounts as there are thousands.
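
For the cleanup discussed in this thread, the following is an added example (not the script linked in the question and not code from either poster) that triages accounts by type before password age is used as a deletion signal, so that domain controllers and the trust accounts for the w2000 domains are never queued for deletion on age alone. The account names, the 90-day threshold, the verdict labels and the `hold` parameter are assumptions; the `UF_*` values are the account flags defined in `lmaccess.h`.

```python
from dataclasses import dataclass

# Account flag bits as defined in lmaccess.h
UF_ACCOUNTDISABLE = 0x0002
UF_NORMAL_ACCOUNT = 0x0200
UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800   # trust with another domain
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000   # member workstation or server
UF_SERVER_TRUST_ACCOUNT = 0x2000        # domain controller
DAY = 86400

@dataclass
class Account:
    name: str
    flags: int
    password_age_s: int                 # seconds since the last password change

def triage(acct, stale_days=90, hold=frozenset()):
    """Return a verdict; only 'stale*' verdicts are deletion candidates."""
    host = acct.name.rstrip("$").upper()
    if acct.flags & UF_INTERDOMAIN_TRUST_ACCOUNT:
        return "keep-trust"             # looks like a machine account, is a trust
    if acct.flags & UF_SERVER_TRUST_ACCOUNT or host in hold:
        return "review"                 # DCs: password age alone is not a signal
    if not acct.flags & UF_WORKSTATION_TRUST_ACCOUNT:
        return "not-machine"
    if acct.password_age_s // DAY < stale_days:
        return "active"
    return "stale-disabled" if acct.flags & UF_ACCOUNTDISABLE else "stale"

def report(accounts, **kw):
    """Group account names by verdict."""
    out = {}
    for a in accounts:
        out.setdefault(triage(a, **kw), []).append(a.name)
    return out

# Constructed sample data, not taken from any real domain
SAMPLE = [
    Account("PDC01$", UF_SERVER_TRUST_ACCOUNT, 1100 * DAY),
    Account("BDC01$", UF_SERVER_TRUST_ACCOUNT, 5 * DAY),
    Account("WKS-0042$", UF_WORKSTATION_TRUST_ACCOUNT, 3 * DAY),
    Account("WKS-0917$", UF_WORKSTATION_TRUST_ACCOUNT, 400 * DAY),
    Account("WKS-1203$", UF_WORKSTATION_TRUST_ACCOUNT | UF_ACCOUNTDISABLE, 700 * DAY),
    Account("W2KDOM$", UF_INTERDOMAIN_TRUST_ACCOUNT, 900 * DAY),
    Account("jsmith", UF_NORMAL_ACCOUNT, 30 * DAY),
]

if __name__ == "__main__":
    for verdict, names in sorted(report(SAMPLE).items()):
        print(f"{verdict:15} {', '.join(names)}")
```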