How do I enforce an immediate forced password change for the domain?

Posted on 2005-05-02
Last Modified: 2013-12-19
Windows 2000 AD network and I have configured a group policy for password requirements (length, max time, complexity, etc.). I currently have it set for the users to be prompted to change it every 90 days. However, it seems that it starts from today for 90 days before they will be prompted. I want it to require it immediately and then again every 90 days moving forward. Any ideas?
Question by:welshiv

    Accepted Solution

    Actually, it's not "90 days from setting the policy", it's "password age of 90 days" that forces a user to change his password if a policy is set; so if you have users who have changed their password 80 days ago, they will be forced to change it in 10 days.
    There is one setting in the ADUC user profile that interferes with that, "Password never expires". If this property is set, it doesn't matter what's defined in the password policy, the user will never be asked to change it. You should check that just in case.
    At the same place, you'll find a setting "User must change password on next logon"; you can set this to force a one-time immediate password change.
    Unluckily enough (unlike NT4 and W2k3), you can't highlight several users in the W2k ADUC console, so you'll have to set this one by one.
    If you have the W2k Resource Kit, you can use the cusrmgr.exe utility to change the "MustChangePassword" from the command line or a script.
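
The two checks from the answer above (accounts with "Password never expires", and a one-time "User must change password on next logon"), done in bulk. This is an added example, not part of the original answer: it assumes the ActiveDirectory PowerShell module, which is newer than the Windows 2000 tools named in the answer, and the OU path is a placeholder.

```powershell
# Added example: assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

$SearchBase = 'OU=Staff,DC=example,DC=com'   # placeholder OU, replace with your own
$MaxAgeDays = 90                              # the 90-day maximum age from the question

# Enabled users plus the two attributes the answer talks about.
$users = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
    -Properties PasswordNeverExpires, PasswordLastSet

$report = foreach ($u in $users) {
    # PasswordLastSet is empty when the password was never set or the
    # account is already flagged to change it at next logon.
    $age = $null
    if ($u.PasswordLastSet) {
        $age = [math]::Floor(((Get-Date) - $u.PasswordLastSet).TotalDays)
    }

    # The policy counts password age, not days since the policy was applied.
    $daysLeft = $null
    if ($null -ne $age -and -not $u.PasswordNeverExpires) {
        $daysLeft = $MaxAgeDays - $age
    }

    [pscustomobject]@{
        SamAccountName       = $u.SamAccountName
        PasswordNeverExpires = $u.PasswordNeverExpires
        PasswordAgeDays      = $age
        DaysUntilForced      = $daysLeft
    }
}

# 1. Accounts the password policy will never touch: review these first.
$report | Where-Object { $_.PasswordNeverExpires } |
    Format-Table SamAccountName, PasswordAgeDays

# 2. When each remaining account would be forced to change anyway.
$report | Where-Object { -not $_.PasswordNeverExpires } |
    Sort-Object DaysUntilForced | Format-Table

# 3. One-time immediate change for every account the policy applies to.
#    -WhatIf only previews; remove it to apply.
$users | Where-Object { -not $_.PasswordNeverExpires } |
    Set-ADUser -ChangePasswordAtLogon $true -WhatIf
```

Accounts with "Password never expires" are skipped in step 3 and only reported, so the exemption is handled as a separate decision.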
