How can I view when the password age is due on a Windows 2000 server domain?
Hello,
How can I view when the password age is due on a Windows 2000 server domain? I made the change on 2/23/04 for the maximum password age to be 90 days. Does that also take affect from that day? So in May, users will be prompted to change their passwords.
Thanks in advance for your help.
How can I view when the password age is due on a Windows 2000 server domain? I made the change on 2/23/04 for the maximum password age to be 90 days. Does that also take affect from that day? So in May, users will be prompted to change their passwords.
Thanks in advance for your help.
ASKER
Thanks for the command line sirbounty. I see the current setup but I would like to see the date for the expiration for the password.
Hmmm - this is more easily accessible under 2003 with acctinfo: http://www.mail-archive.com/activedir@mail.activedir.org/msg12877.html
But with a little scripting, you can get similar info from AD in 2000:
http://support.microsoft.com/?kbid=323750
But with a little scripting, you can get similar info from AD in 2000:
http://support.microsoft.com/?kbid=323750
ASKER
So with http://www.mail-archive.com/activedir@mail.activedir.org/msg12877.html---- it only works with the 2003 environment?
I am not familar with scripting. I saw the link and there was codes. Is there a place on the Gui interface where I can extract that information.
Thanks.
I am not familar with scripting. I saw the link and there was codes. Is there a place on the Gui interface where I can extract that information.
Thanks.
ASKER
I had set the password age for 90 days on 2/23/04 and now I just got a 14 day password change warning. How does that come into play. It should be 90days from 2/23/04. Am I missing something besides my two cents? ;)
That is odd.
Um, not at work now, so I can't view this 'live' - but I think if you open up the account and go to the Accounts tab, there's a shaded/disabled date at the bottom...I think it might be for account disablement, but it may correlate to that ending date...
Yes, ADSI scripting is not something to play around with if you've no prior experience...
Where do you have the password age applied? I think it must be at the domain level and not for an OU.
Have you tried
Start->Run->gpupdate /force
??
Um, not at work now, so I can't view this 'live' - but I think if you open up the account and go to the Accounts tab, there's a shaded/disabled date at the bottom...I think it might be for account disablement, but it may correlate to that ending date...
Yes, ADSI scripting is not something to play around with if you've no prior experience...
Where do you have the password age applied? I think it must be at the domain level and not for an OU.
Have you tried
Start->Run->gpupdate /force
??
ASKER
The password age is applied at the Domain level.
Will the gpupdate /force provide me with the necessary information?
Will the gpupdate /force provide me with the necessary information?
No, it would apply the policy immediately. If you've logged off and on again, that's not necessary...
When you set a "password expires" policy, the password change request will become active depending on the date the user's password was set the last time; that might be immediately after activating the policy, if the last password change dates back long enough.
To find out when a user changed his password the last time, open a command window and enter
net user "YourUserName" /domain
This will display some information about the account, including the date the password was last set. It will display the password expiration date as well.
To find out when a user changed his password the last time, open a command window and enter
net user "YourUserName" /domain
This will display some information about the account, including the date the password was last set. It will display the password expiration date as well.
ASKER
Hello oBda,
I tried using the syntax but it doesn' t like it. Please advise. thanks.
I tried using the syntax but it doesn' t like it. Please advise. thanks.
ASKER
Same message as before:
"I had set the password age for 90 days on 2/23/04 and now I just got a 14 day password change warning. How does that come into play. It should be 90days from 2/23/04. Am I missing something besides my two cents? ;)"
I am a bit confused, can someone clear the confusion? It always fun learning new things at a rapid rate. I should have been a race car driver ;)
"I had set the password age for 90 days on 2/23/04 and now I just got a 14 day password change warning. How does that come into play. It should be 90days from 2/23/04. Am I missing something besides my two cents? ;)"
I am a bit confused, can someone clear the confusion? It always fun learning new things at a rapid rate. I should have been a race car driver ;)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the clarification. I had placed the name of my company's domain for the word "domain" instead of using the word "domain"
What Microsoft article can I refer to for the password expiration for the example: JDoe 4 months ago...?
What Microsoft article can I refer to for the password expiration for the example: JDoe 4 months ago...?
Well, sorry to disappoint you, but I'm afraid the "John Doe" expiration is just my example ...
ASKER
No that's kewl. I just had to check because my manager would want to know.
Type:
NET ACCOUNTS <enter>