Increase the days an account becomes inactive in Active Directory

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

webuxer

New Member
Oct 21, 2020
3
0
1
Hello,
I'm fairly new to Active Directory and would like to know what's the default period (days) an account becomes inactive in AD if a user doesn't logon or uses his/her account. I'm not sure if is 30, 60 or 90 days? Also if I would like to specify the number of days for specific users, where can this be change?

Thank you
 

j_h_o

Active Member
Apr 21, 2015
644
179
43
California, US
The link above is for password expiration.

I believe other tools/scripts would be required to disable an account if it hasn't been logged in for a period of time.
 

Netwerkz101

Active Member
Dec 27, 2015
308
90
28
Wow ... my bad .... not only did I misread that ..... the link i provided was not for user accounts.
You can use the Group Policy management console to view the settings (assuming unchanged).
I don't have a live DC at the moment ... but it looks like 42 days for Max Password Age is default.


Start of "Password Policy" topic:

Look at "Fine Grained Password Policy":

Damn ... will the third time be a charm ...... I had to re-read again ... only to realize i'm answering specific to password aging.
By default .... i don't know, or I have never even thought about an account expiring simply by lack of not logging in to the domain.
I know you can set the expiration for an account, but I always thought the default for this was "Never Expire".
In this case, only having a max password age should stop the account from logging in.

For anindividual user via GUI (Active Directory Users & Computers aka dsa), look at the account tab of a User's properties page - example:



To set an expiration date for group of users PowerShell example #2:
 
Last edited: