<div>
The first thing to note, which you may already know, is that an Active Directory domain can only have one password policy and it applies to all users. &nbsp;You can't stop it applying to certain users or only apply it to certain users. &nbsp;It also must be defined in a GPO linked to the root of the domain. (see <a href="http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx#EMD" rel="ugc nofollow">http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx#EMD</a>&nbsp;for more info).<br />
<br />
Try running 'gpresult /v' from one of the PCs. &nbsp;This will show you the GP settings that are in force on that PC which might help identify where the password policy is coming from.
</div>


The first thing to note, which you may already know, is that an Active Directory domain can only have one password policy and it applies to all users.  You can't stop it applying to certain users or only apply it to certain users.  It also must be defined in a GPO linked to the root of the domain. (see http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx#EMD [http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspx#EMD] for more info).

Try running 'gpresult /v' from one of the PCs.  This will show you the GP settings that are in force on that PC which might help identify where the password policy is coming from.

<div>
<div class="content wysiwyg-content">
I have a Windows 2003 Server Active Directory domain. &nbsp;I have two group policies which I apply domain wide.<br />
<br />
I had initially enabled password expiry, but them shortly after removed it.<br />
<br />
For some reason, now, users are still getting prompted that their password is to expire even though no GPO has this feature enabled.<br />
<br />
I have run gpupdate /force on a machine and also used SpecOps AD extension to run gpupdate /force on all machines in the domain.<br />
<br />
Any suggestions would be greatly appreciated
</div>
</div>


I have a Windows 2003 Server Active Directory domain.  I have two group policies which I apply domain wide.

I had initially enabled password expiry, but them shortly after removed it.

For some reason, now, users are still getting prompted that their password is to expire even though no GPO has this feature enabled.

I have run gpupdate /force on a machine and also used SpecOps AD extension to run gpupdate /force on all machines in the domain.

Any suggestions would be greatly appreciated

GPO setting not being enforced

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.