![]() | Today the MCTExpert Blog is 1 year old. I want to thank all of my readers for the support over the past year that I have been doing this. It has been a great outreach for me to continue to serve my students after class and obviously a source of information for many others. So far this blog has reached 110 countries and 49 states. It has also been translated into 37 different languages. Over the course of the next year, I'll continue to post the questions that my students ask. The questions that the everyday Network Administrator wants answered. I know that these tips have helped many and I hope they continue to do so long into the future. |
With the AD Recycle Bin Turned on, What Happens when you Create a User Account with a Password that does not meet the Password Policy?
This was an interesting observation from one of my Windows Server 2012 classes. While working with the AD Recycle bin in a lab, one of my students discovered some interesting accounts that were created. When he created user accounts that did not meet password complexity requirements, an account is temporarily made and then deleted. When a new password is provided that meets the password requirements, then a new account is made. We discovered this in two places. First off in the Active Directory Administrative Center. This is what caused the initial confusion. Take a look. This is in the Deleted Objects OU. You can see multiple deleted accounts for Test2 and one for Test3. Test3 is a valid, functioning user account. Using the PowerShell command Get-ADObject –IncludeDeletedObjects –Filter * –Properties ObjectSID we can see that indeed, two accounts were created, with one of them deleted. Notice the RID portion of the SID is different. ...

Comments