Setting “Store passwords using reversible encryption” to disabled

active-directory, encryption, windows-server-2012-r2

The setting "Store passwords using reversible encryption" is enabled in our domain and we need to revert this. What happens when this is changed? Will all passwords be encrypted? Or will all users be forced to change their password for it to be encrypted? If all passwords are encrypted, will the unencrypted store as referenced here be deleted?

I see questions for this here but this was a few years ago and I wanted to confirm what a 2012 R2 DC will do now.

Thanks

Best Answer

Nothing will happen immediately. Passwords that are in the reversible encryption format will stay that way. Users will still be able to log in using those passwords. No passwords will expire because you changed this setting.

The next time a password is set, either because the user changed it or an admin did, it will be stored using a one-way method.

This is still true all the way up to Server 2016.
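Since the stored form only changes when a password is next set, the practical follow-up is to find the accounts that have not set a password since the policy was disabled, plus any account carrying the per-account reversible-encryption flag (which keeps reversible storage regardless of the domain policy). The following PowerShell is an added example, not part of the answer above; it assumes the RSAT ActiveDirectory module and uses a constructed date for when the policy was changed.

```powershell
# Added example (not from the original answer). Assumes the RSAT ActiveDirectory
# module is installed and that $PolicyDisabledOn is the date the domain policy
# "Store passwords using reversible encryption" was set to Disabled.
Import-Module ActiveDirectory

$PolicyDisabledOn = Get-Date '2024-01-15'   # constructed; replace with your change date

# Enabled accounts whose password was last set before the policy change are still
# stored in the reversible form, because AD only rewrites the stored form when a
# new password is set (user change or admin reset). Accounts with no PasswordLastSet
# already have to change their password at next logon, so they are excluded.
$stillReversible = @(Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet |
    Where-Object { $_.PasswordLastSet -ne $null -and $_.PasswordLastSet -lt $PolicyDisabledOn })

# Accounts with ENCRYPTED_TEXT_PWD_ALLOWED (0x80 = 128) in userAccountControl keep
# reversible storage even with the domain policy disabled; the bitwise-AND LDAP
# matching rule finds them directly.
$flaggedAccounts = @(Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=128)' -Properties userAccountControl)

"{0} enabled account(s) last set their password before {1:d}" -f $stillReversible.Count, $PolicyDisabledOn
$stillReversible | Select-Object SamAccountName, PasswordLastSet | Sort-Object PasswordLastSet | Format-Table -AutoSize

"{0} account(s) carry the per-account reversible-encryption flag" -f $flaggedAccounts.Count
$flaggedAccounts | Select-Object SamAccountName | Format-Table -AutoSize

# Optional remediation (uncomment after reviewing the lists): clear the per-account
# flag and require a new password at next logon, which stores the new password one-way.
# $flaggedAccounts | Set-ADUser -AllowReversiblePasswordEncryption $false
# $stillReversible | Set-ADUser -ChangePasswordAtLogon $true
```

Run it read-only first; the remediation lines are the ones that change account state.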