From 2e6944d93eac05698c996921bf17a4faf21cfd7b Mon Sep 17 00:00:00 2001 From: gerardma77 <115136373+gerardma77@users.noreply.github.com> Date: Thu, 19 Sep 2024 20:44:00 +0200 Subject: [PATCH] Adding AD lifetime period of an old password note to Vault LDAP secrets Engine Documentation. (#28428) * adding_OldPasswordAllowedPeriod_waring * Updated note for AD passwords * Update website/content/docs/secrets/ldap.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --------- Co-authored-by: Equus quagga Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- website/content/docs/secrets/ldap.mdx | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/website/content/docs/secrets/ldap.mdx b/website/content/docs/secrets/ldap.mdx index 5ac9b4aa9042..114d513fdb9e 100644 --- a/website/content/docs/secrets/ldap.mdx +++ b/website/content/docs/secrets/ldap.mdx @@ -199,6 +199,18 @@ Some important things to remember when crafting your LDIF entries: ### Active directory (AD) + + + Windows Servers hosting Active Directory include a + `lifetime period of an old password` configuration setting that lets clients + authenticate with old passwords for a specified amount of time. + + For more information, refer to the + [NTLM network authentication behavior](https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security new-setting-modifies-ntlm-network-authentication) + guide by Microsoft. + + + For Active Directory, there are a few additional details that are important to remember: To create a user programmatically in AD, you first `add` a user object and then `modify` that user to provide a
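Review bot: the link target in the added note is broken: the URL `https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security new-setting-modifies-ntlm-network-authentication` contains a space between `windows-security` and `new-setting-...` where a path separator belongs, so the markdown link will not resolve; please fix the path before merge. Two smaller points on the same hunk: the setting is referred to only by the descriptive phrase `lifetime period of an old password`, while the commit title names the actual value (`OldPasswordAllowedPeriod`); naming it in the note would let operators find it on their domain controllers. And the note states the behaviour but not its consequence for this secrets engine: because clients can keep authenticating with the previous password for the configured period, a password rotated by Vault should not be treated as revoked until that window has passed. One sentence to that effect, placed after the first paragraph of the note, would make the warning actionable.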