There is a setting in Active Directory password to turn on or off "reversible encryption". Currently I have this feature turned on, and I am planning to turn it off. What effect will this have on the existing accounts? Will they no longer be able to log in? Will they be forced to change their password on next login? What should I expect?
Active Directory – Changing Password Setting Reversible Encryption Effect on Existing Accounts
active-directory password
Best Answer
Nothing immediate will happen. The reversible password is stored separately from the normal password so the passwords will keep working.
I think starting with Windows 2008, if you disable this option then the domain controllers will wipe out the reversible passwords for all affected users. Prior to Windows 2008 the password would stick around until the user changes their password, at which time the reversible copy is deleted.
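An added example, not part of the original answer: a read-only PowerShell inventory of the places where reversible encryption can be enabled, useful for knowing which accounts are in scope before the setting is turned off. It assumes the ActiveDirectory (RSAT) module is installed and the session can read the domain's password policies; the function name is hypothetical.

```powershell
# Added example: read-only inventory, changes nothing in the directory.
# Assumes the ActiveDirectory (RSAT) module and rights to read password policies.
Import-Module ActiveDirectory

function Get-ReversibleEncryptionInventory {
    # 1. Domain-wide setting from the default domain password policy.
    $domain = Get-ADDefaultDomainPasswordPolicy
    [pscustomobject]@{
        Scope             = 'DomainPolicy'
        Name              = $domain.DistinguishedName
        ReversibleEnabled = $domain.ReversibleEncryptionEnabled
        Detail            = ''
    }

    # 2. Fine-grained password policies can enable it for specific users or groups.
    Get-ADFineGrainedPasswordPolicy -Filter * | ForEach-Object {
        [pscustomobject]@{
            Scope             = 'FineGrainedPolicy'
            Name              = $_.Name
            ReversibleEnabled = $_.ReversibleEncryptionEnabled
            Detail            = "Precedence=$($_.Precedence); AppliesTo=$(@($_.AppliesTo).Count) object(s)"
        }
    }

    # 3. Per-account flag (userAccountControl bit 0x80, ENCRYPTED_TEXT_PWD_ALLOWED),
    #    which is set on the user object independently of the domain policy.
    #    PasswordLastSet is included because the answer above ties removal of the
    #    reversible copy on older domain controllers to the next password change.
    Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=128)' `
               -Properties AllowReversiblePasswordEncryption, PasswordLastSet |
        ForEach-Object {
            [pscustomobject]@{
                Scope             = 'UserFlag'
                Name              = $_.SamAccountName
                ReversibleEnabled = $_.AllowReversiblePasswordEncryption
                Detail            = "PasswordLastSet=$($_.PasswordLastSet)"
            }
        }
}

Get-ReversibleEncryptionInventory | Sort-Object Scope, Name | Format-Table -AutoSize
```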