Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Set "password never expires" for Service Account

Puspanjali
New Contributor II
New Contributor II

Hi Team,

For service account we wanted to set password status as "never expires"

So, I created the password policy to set the password status as "never expires"

password policy.png

Create Account JSON

CREATE JSON PASSWORD STATUS.png

But After Owner sets the initial password for the service account  in ARS, status is changing to as below

AD Password status.png

 

Could the team help me to know, How I can make the password status "never expire". 

3 REPLIES 3

dgandhi
All-Star
All-Star

Are you passing userAccountControl in update account json also? Please check if update account task is changing the value in target?

Thanks

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

Manu269
All-Star
All-Star

Please refer to the below post and keep in the mind that the UAC values are additive.

https://forums.saviynt.com/t5/general-discussions/how-can-we-make-ad-password-as-user-cannot-change-...

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate...

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

Puspanjali
New Contributor II
New Contributor II

Hi Manish,

Thank you for the above reference, I could able to create the account with a "never expire" status.

SRVACC.png

savlog.png

But after that, if we are setting the password via ARS then it automatically changes the status to 512 "must change password in next logon"

PASCH.png

PASSSRT.png

Is there any extra JSON I need to configure so that Saviynt stops rewriting the status to 512"Must change password in next logon"