I have a running service with logon user credentials using a service account in AD.
If I change the service account password in AD users and groups but not on the service startup/logon details, would the service still run? Or does the password only get checked during startup of the service?
Or does the service need to log on to the domain controller every x number of hours?
Update - I am using Windows Authentication to communicate between two machines running services with WCF over the network.
It depends on the service. If the service does not access network resources such as a network file share on a regular basis, but instead only does stuff on the local machine, then no, it will not matter if you change the service account's password in Active Directory. The service will keep chugging along indefinitely until the service is eventually restarted or the computer is rebooted.
When the service finally does get restarted, it will then attempt to log in to the domain and will be met with a logon failure at that time if the Windows service is not updated accordingly.
But of course, if the Windows service does perform network operations, then it will need a fresh Kerberos ticket at least every 10 hours (at which time the service will need to know its current password), or else it would start failing to access those network resources and the service will either die or start putting error events into the event logs, depending on what service it is.
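
As an added example (not part of the original question or answer), this PowerShell script covers the follow-up work after a service account password is changed in AD: it finds every service that logs on as that account, updates the stored logon password, and lists recent Service Control Manager event 7038 entries (service unable to log on with the configured password). The account name and computer list are assumed inputs, and the script assumes CIM/WinRM access to each machine.

```powershell
# Added example. $Account and $ComputerName are caller-supplied; the sample
# value 'CONTOSO\svc-wcf' in the comment below is constructed for illustration.
param(
    [Parameter(Mandatory)]
    [string]   $Account,                          # e.g. 'CONTOSO\svc-wcf'
    [string[]] $ComputerName = @($env:COMPUTERNAME)
)

# Prompt for the new password instead of taking it on the command line,
# so it does not end up in shell history or process listings.
$cred  = Get-Credential -UserName $Account -Message 'New password for the service account'
$plain = $cred.GetNetworkCredential().Password

# WQL string literals need backslashes doubled. Note that StartName is stored
# exactly as it was entered (DOMAIN\user or user@domain), so match that form.
$filter = "StartName = '{0}'" -f $Account.Replace('\', '\\')

foreach ($computer in $ComputerName) {
    $services = Get-CimInstance -ClassName Win32_Service -ComputerName $computer -Filter $filter

    foreach ($svc in $services) {
        # Win32_Service.Change updates the stored logon credential only.
        # A running service keeps its existing logon session until restarted.
        $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
            StartName     = $Account
            StartPassword = $plain
        }
        [pscustomobject]@{
            Computer    = $computer
            Service     = $svc.Name
            State       = $svc.State
            ReturnValue = $result.ReturnValue     # 0 means the change succeeded
        }
    }

    # Event 7038: a service could not log on with its configured password.
    Get-WinEvent -ComputerName $computer -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7038
        StartTime    = (Get-Date).AddDays(-1)
    } | Select-Object @{ n = 'Computer'; e = { $computer } }, TimeCreated, Message
}
```

Schedule a restart of each listed service after the update so it logs on with the new password at a time you choose, rather than failing at the next reboot.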