vimalv55
Copper Contributor
Feb 21, 2025

Active Directory allowing old and new password after reset

We are using Windows 2019 server, and once a password is reset (before it has expired), we see that the old password is still valid for 5 minutes after the password reset. Our replication delay is 15 seconds and we haven't set the registry key OldPasswordAllowedPeriod. The documentation at https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/new-setting-modifies-ntlm-network-authentication mentions that if OldPasswordAllowedPeriod is not set, the default will be 60 minutes. So where is this 5 minutes configured?

  • micheleariis
    Steel Contributor

    Hi, it appears that the 5-minute behavior is managed internally by Windows Server 2019 and isn’t directly controlled by the OldPasswordAllowedPeriod parameter (which defaults to 60 minutes for NTLM if not set). I suggest checking the release notes or contacting Microsoft support for further clarification.
