MaximumPasswordAge DisablePasswordChange On Client Computers

by [Published on 27 Jan. 2010 / Last Updated on 31 May 2009]

This article explains how a domain client computer changes its password with the domain controller.

By default, a computer must update its Computer Password with domain controller within the 30 days specified in the registry. This is required to establish the secure channel between the client computer and the domain. If a computer is not able to update its password in the domain within the 30 days then the computer cannot participate in the domain or access the resources.

You need to check the following registry entries to make sure computer is able to sync its password with the domain:



Default value for this entry is 30 days. A computer must update its computer password with its authenticator (domain controller) within the specified days. If this entry is 0 then password is never updated.


The default value of this entry is 0(disabled). If this is 1 then domain computer can't update its password automatically. You must manually update computer account's password.


Featured Links