How to change the userAccountControl setting of an ONTAP CIFS server to remove the password never expires flag
Applies to
ONTAP 9+
Description
- ONTAP does not set the PasswordNeverExpires flag on the CIFS server machine account. If this flag is set it was done outside of ONTAP.
- The userAccountControl attribute will have a value of at least 0x10000(Hex) or 65536(Dec) if the PasswordNeverExpires
- This value can trigger an alert on security scanners.
- to remove this flag run the following command from an admin powershell prompt:
Set-ADComputer -Identity <CIFS Server name> -PasswordNeverExpires:$False
- ONTAP has its own password change schedule that is disabled by default.