6

I've recently started working with contained databases and I do not understand if/how contained database users have passwords that expire.

MSDN documentation says they do - With a SQL Server login, there's the option box to Enforce Password Expiration but this does not exist (as far as I can tell) for contained database users.

These contained database accounts have been around for a while and our domain policy is to reset passwords every 6 months, but we have never had to change these passwords, and the applications are connecting just fine using the same password for the past couple of years.

My first question is how do I know that "Password Expiration" is being enforced for contained database users? With SQL Logins there's a is_expiration_checked column in sys.sql_logins.

With traditional SQL logins I can use following function to get the time a SQL Server login was changed 

LOGINPROPERTY('login','PasswordLastSetTime')

Is there something similar for contained database users?

Shekar Kola
2,4772 gold badges11 silver badges24 bronze badges
asked Sep 6, 2019 at 16:10
0

1 Answer 1

4

Ok, so it looks like only password complexity requirements apply and not expiration - https://learn.microsoft.com/en-us/sql/relational-databases/security/password-policy?view=sql-server-2017 - "Note SQL Database enforces password complexity. The password expiration and policy enforcement sections do not apply to SQL Database."

answered Sep 9, 2019 at 12:37

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.