AD Tripwires – Rotating the Service Account Password

The AD Tripwires service account password might expire or be scheduled for rotation by your domain's password policy. When this happens, the AD Agent loses the ability to communicate with your domain, and monitoring is suspended until the passwords are rotated and the AD Agent is updated with the new credentials.

When to Rotate

You will see the following error on the AD Tripwires domain index:

The service account password is expired. Rotate the password to restore AD agent monitoring.

Figure: AD Tripwires Agent Details page, showing the domain index error message to rotate the password.

Steps to Rotate

Runner must be active

Ensure that the NodeZero runner used during installation is active before proceeding. It will be used to cache the new credentials on the NodeZero host and restart the AD Agent.

  1. On the AD Tripwires domain index, click the Rotate Password button for the affected domain
  2. Copy the PowerShell command provided
  3. Run the command in your AD environment with domain admin credentials on any domain-joined Windows host with internet connectivity — this will rotate all AD Tripwires passwords in your domain
  4. Once the passwords are rotated, the runner will automatically cache the new service account credentials and restart the AD Agent
  5. The error will clear once the AD Agent reconnects — this may take up to 5 minutes
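
To catch an upcoming expiry before monitoring is suspended, the read-only check below reports when the service account password will lapse under the domain's password policy. It is an added example, not part of the product or its documentation; the account name is a placeholder you must replace, and the 14-day warning window is an assumption.

```powershell
# Added example: report when the service account password will expire.
# Requires the ActiveDirectory module (RSAT). Read-only; it changes nothing.
param(
    # Placeholder: the sAMAccountName of your AD Tripwires service account.
    [string]$AccountName = '<ad-tripwires-service-account>',
    # Assumed warning window, in days.
    [int]$WarnDays = 14
)

Import-Module ActiveDirectory -ErrorAction Stop

$props = 'msDS-UserPasswordExpiryTimeComputed', 'PasswordNeverExpires', 'PasswordLastSet'
$user  = Get-ADUser -Identity $AccountName -Properties $props

# The domain controller computes this value from the password policy that
# applies to the account, so no policy arithmetic is needed here.
$raw = [int64]$user.'msDS-UserPasswordExpiryTimeComputed'
$expires = $null
$daysLeft = $null

if ($user.PasswordNeverExpires -or $raw -eq [int64]::MaxValue) {
    # Int64.MaxValue: no expiry applies to this account.
    $state = 'NoExpiry'
}
elseif ($raw -eq 0) {
    # 0: pwdLastSet is unset, so the password must be changed before use.
    $state = 'MustChange'
}
else {
    $expires  = [datetime]::FromFileTimeUtc($raw)
    $daysLeft = [math]::Floor(($expires - [datetime]::UtcNow).TotalDays)
    $state = if ($daysLeft -lt 0) { 'Expired' }
             elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' }
             else { 'OK' }
}

[pscustomobject]@{
    Account        = $user.SamAccountName
    PasswordSetUtc = $user.PasswordLastSet
    ExpiresUtc     = $expires
    DaysLeft       = $daysLeft
    State          = $state
}

# Non-zero exit lets a scheduled task or monitoring job raise an alert.
if ($state -in 'Expired', 'MustChange', 'ExpiringSoon') { exit 1 }
```

Querying the account needs only ordinary domain read access, so the check can be scheduled without domain admin credentials.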