If you have a domain account and you get The user’s account has expired error while using it, this guide may help. This usually happens with temporary accounts set up on a domain. Because of the expiration time configured in the account properties, you receive this message once you go beyond the expiration time.
Note that this happens because of user account expiration, which is different from password expiration. The password configuration asks users to set a new password after a specific expiration time, and users can set a new password on their own. However, when an account expires, only an administrator can deal with it.
You can try either of the solutions mentioned below to fix this issue on your system or for clients.
Fix The user’s account has expired on Windows 11/10
Fix 1: Disable account expiration in Domain Controller
For this fix, you need to access the Domain Controller (DC) administering the concerned account. You can perform these steps on the DC:
1. Run the dsa.msc command to open Active Directory Users and Computers.
2. In Active Directory Users and Computers, select your domain name and click Users in the right pane.
3. Locate the user account having this issue, right-click it and select Properties.
4. On the property sheet, go to the Account tab and make sure Account expires is set to Never.
5. Click Apply, then OK.
Fix 2: Using Windows PowerShell
1. Right-click the Start button and select Terminal (Admin).
2. In the Terminal app, open a new Windows PowerShell tab and execute the following command:
net user USERNAME /expires:never
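*Substitute USERNAME with the actual user account name. On a domain-joined computer that is not a DC, append /domain so the command targets the domain account rather than a local one.
3. Once the command has executed successfully, you can close the Terminal app.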
Fix 3: Check AD replication
1. First run this command to display the distinguishedName of the user.
dsquery user -name USERNAME
2. Use that value to run the following (replace the placeholders in angle brackets with the corresponding names):
repadmin /showobjmeta <DC_in_the_central_site_or_PDC> <distinguishedName_of_the_user>
and
repadmin /showobjmeta <Usual_Logon_DC_for_the_user> <distinguishedName_of_the_user>
Next, you can test the health of your AD with the following commands:
DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
netdiag.exe /v > c:\netdiag.log
Try the above command on each DC.
repadmin.exe /showrepl * /verbose /all /intersite > c:\repl.txt
repadmin /replsum > c:\replsum.txt
ADReplStatus
dnslint /ad /s "IP address of your DC"
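The per-DC comparison from Fix 3 can also be done in one pass with PowerShell. The script below is an added example, not part of the original guide: it is read-only, assumes the ActiveDirectory module (RSAT) is installed, and uses USERNAME as the same placeholder as above; the function name is hypothetical.

```powershell
# Added example (read-only). Assumes the ActiveDirectory module from RSAT is installed.
Import-Module ActiveDirectory

function Get-AccountExpiryPerDC {
    param([Parameter(Mandatory)][string]$SamAccountName)

    # accountExpires is a FILETIME; 0 and Int64.MaxValue both mean "Never".
    $never = @([Int64]0, [Int64]::MaxValue)

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            # Ask this specific DC for its own copy of the attribute.
            $user = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                        -Properties accountExpires -ErrorAction Stop
            # Replication metadata: the same data repadmin /showobjmeta prints.
            $meta = Get-ADReplicationAttributeMetadata -Object $user.DistinguishedName `
                        -Server $dc.HostName -Properties accountExpires -ErrorAction Stop
            $raw  = [Int64]$user.accountExpires
            [pscustomobject]@{
                DC         = $dc.HostName
                Expires    = if ($raw -in $never) { 'Never' } else { [DateTime]::FromFileTimeUtc($raw) }
                Version    = $meta.Version
                LastChange = $meta.LastOriginatingChangeTime
                Error      = $null
            }
        } catch {
            # An unreachable DC or a missing object is reported, not silently skipped.
            [pscustomobject]@{
                DC = $dc.HostName; Expires = $null; Version = $null
                LastChange = $null; Error = $_.Exception.Message
            }
        }
    }
}

$rows = @(Get-AccountExpiryPerDC -SamAccountName 'USERNAME')
$rows | Format-Table -AutoSize

# Different values or attribute versions mean the change has not reached every DC.
$distinct = @($rows | Where-Object { -not $_.Error } |
    ForEach-Object { "$($_.Expires)|$($_.Version)" } | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning 'accountExpires differs between DCs: the change has not replicated everywhere yet.'
}
```

A DC that still shows the old date with a lower Version is the one the user is likely authenticating against.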
That’s it!