How do I enforce an immediate forced password change for the domain?

Posted on 2005-05-02
Medium Priority
Last Modified: 2013-12-19
Windows 2000 AD network and I have configured a group policy for password requirements (length, max time, complexity, etc.). I currently have it set for the users to be prompted to change it every 90 days. However, it seems that it starts from today for 90 days before they will be prompted. I want it to require it immediately and then again every 90 days moving forward. Any ideas?
Question by: welshiv

Accepted Solution

oBdA earned 1000 total points
ID: 13916188
Actually, it's not "90 days from setting the policy", it's "password age of 90 days" that forces a user to change his password if a policy is set; so if you have users who changed their password 80 days ago, they will be forced to change it in 10 days.
There is one setting in the ADUC user profile that interferes with that, "Password never expires". If this property is set, it doesn't matter what's defined in the password policy, the user will never be asked to change it. You should check that just in case.
At the same place, you'll find a setting "User must change password on next logon"; you can set this to force a one-time immediate password change.
Unluckily enough (unlike NT4 and W2k3), you can't highlight several users in the W2k ADUC console, so you'll have to set this one by one.
If you have the W2k Resource Kit, you can use the cusrmgr.exe utility to change the "MustChangePassword" from the command line or a script.
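
The checks described in the answer above, as an added example that is not part of the original post: it reports each enabled user's password age, skips accounts with "Password never expires" set, and sets "User must change password on next logon" on the rest by writing `pwdLastSet = 0`. It assumes a domain-joined host with PowerShell 3.0 or later and rights to modify user objects; the function name `Set-MustChangePassword` and its parameters are hypothetical.

```powershell
# Added example; function and parameter names are hypothetical.
function Set-MustChangePassword {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [int]$MaxAgeDays = 90,      # maximum password age from the question
        [string]$SearchBase = ''    # LDAP path of an OU; empty = current domain
    )
    $DONT_EXPIRE = 0x10000  # userAccountControl bit behind "Password never expires"
    $DISABLED    = 0x2      # userAccountControl bit for a disabled account

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchBase) { $searcher.SearchRoot = [ADSI]$SearchBase }
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
    $searcher.PageSize = 500
    foreach ($attr in 'sAMAccountName', 'userAccountControl', 'pwdLastSet') {
        [void]$searcher.PropertiesToLoad.Add($attr)
    }

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $name = [string]$r.Properties['samaccountname'][0]
            $uac  = [int]$r.Properties['useraccountcontrol'][0]
            $pls  = [long]0
            if ($r.Properties.Contains('pwdlastset')) { $pls = [long]$r.Properties['pwdlastset'][0] }
            if ($uac -band $DISABLED) { continue }

            # pwdLastSet is a FILETIME; 0 means a change is already required at next logon.
            $age = $null
            if ($pls -gt 0) {
                $age = ((Get-Date).ToUniversalTime() - [DateTime]::FromFileTimeUtc($pls)).Days
            }

            if ($uac -band $DONT_EXPIRE) { $state = 'NeverExpires' }  # policy is ignored for this user
            elseif ($pls -eq 0)          { $state = 'AlreadyFlagged' }
            elseif ($PSCmdlet.ShouldProcess($name, 'Set pwdLastSet = 0')) {
                $entry = $r.GetDirectoryEntry()
                $entry.psbase.Properties['pwdLastSet'].Value = 0
                $entry.psbase.CommitChanges()
                $state = 'Flagged'
            }
            else { $state = 'WouldFlag' }

            [pscustomobject]@{ User = $name; PasswordAgeDays = $age
                               OverMaxAge = ($age -ne $null -and $age -ge $MaxAgeDays); State = $state }
        }
    }
    finally { $results.Dispose() }
}
```

Run it with `-WhatIf` first to get the report without changing anything; accounts listed as `NeverExpires` are left untouched and need that setting cleared before the policy applies to them.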
