There was an incident this week where one of our SQL Server instances was unexpectedly offline. I found the Windows Services that run the instance stopped and was unable to start them again due to the accounts used by the services being disabled. Allegedly those accounts had been disabled roughly three weeks ago.
The Windows server housing these services was restarted in the early morning that it was found to be down. I had last accessed that instance just a few hours before the reboot without issue. This leads me to believe that there is zero re-authentication that happens for credentials on a constantly running service. Is this true? And if not, what are the policies or defaults that control that behavior?
Everything I've been able to find searching online so far is regarding local authentication of a disabled account that happens when a device is not on the domain network. I just can't seem to find anything talking about disabled AD accounts used on services other than the standard troubleshooting steps for when a service won't start.