Active Directory accounts should follow a global password renewal policy that prohibits them from going indefinitely without changing their passwords.
A password expiration policy limits the risk of an attacker guessing or cracking a password before it changes. All user and administrator accounts must follow this policy without exception.
Service accounts can pose a challenge as they require special attention. In case the password of a service account expires and the application developer has not updated it, the service might stop functioning properly. To avoid such an interruption, a specific process must be in place to regularly update the password manually.