How to Lock Domain Account after Password Expires

I know I have seen this at companies before but I cannot find anything in my research on how to do this. I want to lock out a domain user account if the domain user fails to change their password before the password expires. Anyone know this? this is for a AD 2000 domain. I assigned it high points becuase I cannot find the correct answer after quite a bit of research.

Thanks ahead of time
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kevin HaysIT AnalystCommented:
If i'm not mistaking the account is locked out anyway if the user doesn't change the password in the specified time.  At least when our agents don't change their password and it expires they cannot log into the domain and I have to reset their password to some generic password and force them to change it.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
StevesdlAuthor Commented:
thank you for this.  Geeesh.. I am buried with a 900 page document revamp this weekend and I just assumed the admins knew what they were talking about on Friday. I am an engineer but now work the Management side and also have rarely ever worked the end of user account management. I read your answer, quickly upgraded a server to a dc at the house and tested this out in my domain. You are correct.  A dialog box comes back stating account is expired and one must contact the admin.

An FYI.  back in the NT 4 days there was a setting that an admin could select that madated the user must be logged on to change the password. that assured that if the password expired in that OS, the Admin had to come into play. It also mitigated the issue of people other than the user to make the change.

Again thanks for the quick discernment.
Kevin HaysIT AnalystCommented:
No problem at all.  Glad I could help.  That's what we are here for.  I keep learning new things each day on experts exchange.  I used to be a C#/VB .NET programmer but I got transitioned into the network/exchange role where I had to implement a new infrastructure and email system.  This was back in January, so I've learned a lot since then, but man, there is just so much more I want to learn though :)

Again, glad I could help.

Have a good weekend,

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.