Maximum Password Age Grayed Out, Cannot Change Password On Windows Server 2012 Or 2016 Domain Controller

Today I am writing about how to modify Maximum password age on windows server domain controller. We have faced this issue in our organization; our DC password used to expire every 42 days which was restricting  access to users, SharePoint sites, and Project server sites. In one word we can say everything was getting messed up. So we Googled and found the solution but as per the solution, the option was grayed out where we could modify the server password or put a password that would never expire.

Anyway we found the solution and fixed the issue, now we are working without any issue occurring on the server.

Below is the step by step solution with screen shots.

  • Login to the server with administrator user name and password.
  • Click windows+ and enter gpmc.msc

  • Once we will hit enter, Group policy Management wizard will open, see below:

  • Navigate the option to server, Group Policy Management> Forest: server Name> Domains>server Domain> and select Default Domain Policy. Here we will right click on the same and click on edit.

  • Once we will click on edit option, it will open Group policy Management editor, here we will select required option to do modify. See below for more.

  • Here we will select navigate to below option to modify for Maximum password Age.

Computer Configuration>Policies>Windows settings> Security Policies>password Policy

  • Here we will select Maximum password age we will select and double click on that, now we can find the option is enabled over here. Finally we reached the option where we can set out our issue.
  • Select the Maximum password age properties under the tab security policy setting and modify as per our requirement.


Here if we will select 0 Option, password will not expire.