By maxcoder88
Running an AD Health Assessment on our Windows 2019 forest and it flags ~40 Linux/Unix computer accounts as `PasswordNeverExpires=True` (userAccountControl bit 65536 set). Before I blindly clear the flag, I want to understand what's actually going on. **Environment:** - Mixed Linux estate: RHEL 7/8/9, Ubuntu, some legacy CentOS, plus NetApp/QNAP appliances - Join methods vary: `realm join` (SSSD), Samba/Winbind, some old Centrify leftovers - Some boxes have `PasswordLastSet` going back 5+ ye