Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 374
  • Last Modified:

How can I view when the password age is due on a Windows 2000 server domain?

Hello,

How can I view when the password age is due on a Windows 2000 server domain?  I made the change on 2/23/04 for the maximum password age to be 90 days.  Does that also take affect from that day?  So in May, users will be prompted to change their passwords.

Thanks in advance for your help.

0
g000se
Asked:
g000se
  • 8
  • 4
  • 3
1 Solution
 
sirbountyCommented:
Click Start->Run->CMD <enter>

Type:

 NET ACCOUNTS <enter>
0
 
g000seAuthor Commented:
Thanks for the command line sirbounty.  I see the current setup but I would like to see the date for the expiration for the password.
0
 
sirbountyCommented:
Hmmm - this is more easily accessible under 2003 with acctinfo: http://www.mail-archive.com/activedir@mail.activedir.org/msg12877.html

But with a little scripting, you can get similar info from AD in 2000:
http://support.microsoft.com/?kbid=323750
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
g000seAuthor Commented:
So with  http://www.mail-archive.com/activedir@mail.activedir.org/msg12877.html---- it only works with the 2003 environment?

I am not familar with scripting.  I saw the link and there was codes.  Is there a place on the Gui interface where I can extract that information.

Thanks.
 
0
 
g000seAuthor Commented:
I had set the password age for 90 days on 2/23/04 and now I just got a 14 day password change warning.  How does that come into play.  It should be 90days from 2/23/04.  Am I missing something besides my two cents? ;)
0
 
sirbountyCommented:
That is odd.

Um, not at work now, so I can't view this 'live' - but I think if you open up the account and go to the Accounts tab, there's a shaded/disabled date at the bottom...I think it might be for account disablement, but it may correlate to that ending date...

Yes, ADSI scripting is not something to play around with if you've no prior experience...

Where do you have the password age applied?  I think it must be at the domain level and not for an OU.

Have you tried
 Start->Run->gpupdate /force
??
0
 
g000seAuthor Commented:
The password age is applied at the Domain level.  

Will the gpupdate /force provide me with the necessary information?



0
 
sirbountyCommented:
No, it would apply the policy immediately.  If you've logged off and on again, that's not necessary...
0
 
oBdACommented:
When you set a "password expires" policy, the password change request will become active depending on the date the user's password was set the last time; that might be immediately after activating the policy, if the last password change dates back long enough.
To find out when a user changed his password the last time, open a command window and enter
net user "YourUserName" /domain
This will display some information about the account, including the date the password was last set. It will display the password expiration date as well.
0
 
g000seAuthor Commented:
Hello oBda,

I tried using the syntax but it doesn' t like it.  Please advise.  thanks.
0
 
g000seAuthor Commented:
Same message as before:  

"I had set the password age for 90 days on 2/23/04 and now I just got a 14 day password change warning.  How does that come into play.  It should be 90days from 2/23/04.  Am I missing something besides my two cents? ;)"

I am a bit confused, can someone clear the confusion?  It always fun learning new things at a rapid rate.  I should have been a race car driver ;)
0
 
oBdACommented:
There is no general "password age" for a domain. The password expiration is user specific, and, as I said before, the password age will be calculated starting from the *user's* last password change. The date of your activation of the policy has not very much to do with the expiration date.
Example: Let's say you created a user JDoe 4 months ago, and he never changed his password. You implement a password policy today, with a maximum age of 3 months. As soon as JDoe logs on, he will be forced to change his password, because the password age is over the limit.
To view the last password change and the password expiration date of the user "JDoe", open a command window and enter
net user "JDoe" /domain
Replace "JDoe" with the username you want to query; leave "/domain" as is, this is *not* a placeholder for your actual domain name!
 
0
 
g000seAuthor Commented:
Thanks for the clarification.  I had placed the name of my company's domain for the word "domain" instead of using the word "domain"

What Microsoft article can I refer to for the password expiration for the example:  JDoe 4 months ago...?
0
 
oBdACommented:
Well, sorry to disappoint you, but I'm afraid the "John Doe" expiration is just my example ...
0
 
g000seAuthor Commented:
No that's kewl.  I just had to check because my manager would want to know.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 8
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now