My Oracle Support Banner

After User Password Expires in Active Directory, Centrally-Managed User (CMU) Logon Fails With ORA-1017 (Doc ID 2792975.1)

Last updated on APRIL 17, 2023

Applies to:

Oracle Database - Enterprise Edition - Version and later
Information in this document applies to any platform.


A centrally-managed user (CMU) receives "ORA-01017: invalid username/password; logon denied" when trying to connect to Oracle Database. 

The user was able to successfully connect just the day before.  The password has not been changed.

In this case, the problem appears 90 days after the Active Directory (AD) password filter was installed.

When the user changes its password in Active Directory, the user is able to log in successfully.


Deployed the Oracle password filter for Active Directory and extended the Active Directory schema.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.