MaximumPasswordAge DisablePasswordChange On Client Computers

by [Published on 27 Jan. 2010 / Last Updated on 31 May 2009]

This article explains how a domain client computer changes its password with the domain controller.

By default, a computer must update its Computer Password with domain controller within the 30 days specified in the registry. This is required to establish the secure channel between the client computer and the domain. If a computer is not able to update its password in the domain within the 30 days then the computer cannot participate in the domain or access the resources.

You need to check the following registry entries to make sure computer is able to sync its password with the domain:



Default value for this entry is 30 days. A computer must update its computer password with its authenticator (domain controller) within the specified days. If this entry is 0 then password is never updated.


The default value of this entry is 0(disabled). If this is 1 then domain computer can't update its password automatically. You must manually update computer account's password.


See Also

The Author — Nirmal Sharma

Nirmal Sharma avatar

Nirmal Sharma is a MCSEx3, MCITP, and was awarded Microsoft MVP in Directory Services. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles for various online communities. Nirmal can also be found contributing to PowerShell based Dynamic Packs for ADHealthProf.ITDynamicPacks.Net solutions.

Featured Links