Again the best that I can find is that controls like the aforementioned effect the
behavior of the client not the server. The client is in control of changing
passwords/renewing keytabs, and unless there is a third party utility in use the AD does
not enforce a password change requirement or lock out a machine if the password has not
been changed.
References:
https://blog.joeware.net/2012/09/12/2590/
https://www.itprotoday.com/management-mobility/q-can-password-windows-mac...
https://funinit.wordpress.com/2017/11/29/how-sssd-updates-machine-account...
https://itworldjd.wordpress.com/2014/01/22/what-is-the-maximum-password-a...
And the info I posted before.
I am not 100% certain of course, there is a huge amount of misinformation one way or the
other on this particular thing, and I am not discounting your experience, it has me
worried enough to be spending my time today trying to find a definitive answer, because if
I am wrong come the 24th my life is going to be miserable.