Windows Server 2016 TP 4 | Secure Identity

I was browsing thru the new schema updates in Windows Server TP 4 and found an interesting new attribute: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts

Sch83.ldf:

dn: CN=ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts,CN=Schema,CN=Configuration,DC=X
changetype: ntdsSchemaAdd
objectClass: attributeSchema
CN: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
attributeID: 1.2.840.113556.1.4.2344
attributeSyntax: 2.5.5.8
adminDisplayName: ms-DS-Expire-Passwords-On-Smart-Card-Only-Accounts
adminDescription: This attribute controls whether the passwords on smart-card-only accounts expire in accordance with the password policy.
oMSyntax: 1
lDAPDisplayName: msDS-ExpirePasswordsOnSmartCardOnlyAccounts
isSingleValued: TRUE
systemOnly: FALSE
schemaIDGUID:: SKsXNCTfsU+AsA/LNn4l4w==
systemFlags: 16
searchFlags: 0
instanceType: 4

Well, this sound interesting if you read the adminDescription:

This attribute controls whether the passwords on smart-card-only accounts expire in accordance with the password policy.

No much more info when I tried to search the internet.

If we search for the attribute we can find it being used at the root of DNC corp.secid.se Continue reading →

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Secure Identity

The blog – By Daniel Ulrichs

Tag Archives: Windows Server 2016 TP 4

Expire Passwords On Smart Card Only Accounts