Link to home
Create AccountLog in
Avatar of Member_2_761121
Member_2_761121

asked on

Domain Password Change

If I set the default domain policy to Maxmum password age to 30 days, is it 30 days from when I make the change to the policy or 30 days since the password was last changed ?

Also I have an OU which I want to mange the passwords for the accounts in there, they all have ticks in the account boxes so that password doesn't expire and User can't change password - I take it this will prevent the accounts from being prompted to change their passwords?
SOLUTION
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
.. and user can't chnage password will also apply
Avatar of mnang
mnang

Maximum password age is the no. of days that will expire the password since its last change.
By checking on password does not expire, the maximum password age will not be effective. Therefore user will not be prompted to change password.
I think we have already established that
Avatar of Member_2_761121

ASKER

So looking at the majority of my user accounts in Workers OU who do not have any ticks in the account options then if the password was first created 2 years ago or password last set and I flick the switch for maximum password age 60 days then they will all get prompted on next login?

ASKER CERTIFIED SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Thank you. So when the policy is implemented it looks at the integer value on the pwdlastset attribute & calclates the date difference?
I have about 4000 users, and I have tried to manually change via ADSIedit on a test account the pwdlastset attribute copy after working out todays date - didn't work! so looks like I will be setting the change password at next logon unless there is another way?