Forum Discussion
Medium Alert Read-only user password to expire shortly on GMSA
The fact that we even alert on gmsa accounts is a bug, you don't have anything to do in that regards...
There is no question about it..
I asked because I am trying to figure out why it pops in your case and not in others.
by default, when you define the gmsa account, it's password expiry policy is 1 month, but you can change it. my question was if you changed it to something lower than 1 month...
Microsoftjazzer What is the password expiry policy for this account/domain ?
The default for gmsa is to roll passwords once a month. any chance you changed it to something lower?
HIi EliOfek
what you mean by "changed it to something lower". The purpose of a gmsa is that the system manages and changes the password, like a computer account. In what intervals the system changes the password should be left to the system. If we can already use a gmsa account in ATP, it should also be able to handle it and do not alert my about a password expiration.
The Password Policy is like:
Force user logoff how long after time expires?: Never
Minimum password age (days): 1
Maximum password age (days): 42
Minimum password length: 8
Length of password history maintained: 24
Lockout threshold: Never
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
- EliOfek
The fact that we even alert on gmsa accounts is a bug, you don't have anything to do in that regards...
There is no question about it..
I asked because I am trying to figure out why it pops in your case and not in others.
by default, when you define the gmsa account, it's password expiry policy is 1 month, but you can change it. my question was if you changed it to something lower than 1 month...
Hi EliOfek
Thanks for your clear statement that this is a BUG. No we did not change the time for the password change policy on the GMSA Account. Should we do any configuration on the GMSA account to bypass the alert? Please let me know.
Regards Steve
