Member_2_761121
asked on
Domain Password Change
If I set the default domain policy to Maxmum password age to 30 days, is it 30 days from when I make the change to the policy or 30 days since the password was last changed ?
Also I have an OU which I want to mange the passwords for the accounts in there, they all have ticks in the account boxes so that password doesn't expire and User can't change password - I take it this will prevent the accounts from being prompted to change their passwords?
Also I have an OU which I want to mange the passwords for the accounts in there, they all have ticks in the account boxes so that password doesn't expire and User can't change password - I take it this will prevent the accounts from being prompted to change their passwords?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Brian Pierce
.. and user can't chnage password will also apply
Maximum password age is the no. of days that will expire the password since its last change.
By checking on password does not expire, the maximum password age will not be effective. Therefore user will not be prompted to change password.
By checking on password does not expire, the maximum password age will not be effective. Therefore user will not be prompted to change password.
I think we have already established that
ASKER
So looking at the majority of my user accounts in Workers OU who do not have any ticks in the account options then if the password was first created 2 years ago or password last set and I flick the switch for maximum password age 60 days then they will all get prompted on next login?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you. So when the policy is implemented it looks at the integer value on the pwdlastset attribute & calclates the date difference?
I have about 4000 users, and I have tried to manually change via ADSIedit on a test account the pwdlastset attribute copy after working out todays date - didn't work! so looks like I will be setting the change password at next logon unless there is another way?
I have about 4000 users, and I have tried to manually change via ADSIedit on a test account the pwdlastset attribute copy after working out todays date - didn't work! so looks like I will be setting the change password at next logon unless there is another way?