ds: machine account password interval

you're probably familiar with default machine account password reset intervals:

• nt 4: 7 days
• 2000 & above: 30 days

some additional details on this came through on the activedir.org list. it's pretty cool so i thought i'd share for those that aren't subscribed. unfortunately the author of this information doesn't a blog (yet). activedir.org does, however, maintain archives of the list. :) i'd link you... but that section seems unresponsive right now. at any rate, here's a snippet of the post. these are the logs generated during success, failure and offset.

• success:

05/25 14:48:22 [SESSION] NORTHAMERICA: NlChangePassword: Doing it. 05/25 14:48:22 [SESSION] NORTHAMERICA: NlChangePassword: Flag password changed in LsaSecret 05/25 14:48:23 [SESSION] NORTHAMERICA: NlChangePassword: Flag password updated on PDC 05/25 14:48:23 [MISC] NlWksScavenger: Can be called again in 30 days (0x9a7ec800)

• failure:

05/16 01:13:24 [SESSION] NORTHAMERICA: NlChangePassword: Doing it. 05/16 01:13:24 [SESSION] NORTHAMERICA: NlSessionSetup: Try Session setup 05/16 01:13:24 [SESSION] NORTHAMERICA: NlDiscoverDc: Start Synchronous Discovery 05/16 01:14:05 [CRITICAL] NORTHAMERICA: NlDiscoverDc: Cannot find DC. 05/16 01:14:05 [CRITICAL] NORTHAMERICA: NlSessionSetup: Session setup: cannot pick trusted DC 05/16 01:14:05 [MISC] Eventlog: 5719 (1) "NORTHAMERICA" 0xc000005e c000005e ^... 05/16 01:14:05 [SESSION] NORTHAMERICA: NlSessionSetup: Session setup Failed 05/16 01:14:05 [MISC] NlWksScavenger: Can be called again in 15 minutes (0xdbba0)

• random offset:

05/25 15:03:22 [MISC] NlWksScavenger: Can be called again in 30 days (0x9d671aca)