• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 506
  • Last Modified:

Password policy expiration

I want to enact a password policy within group policy of passwords expiring after 90 days. My network currently does not have password expiration set. My question is when does the "expiration" timer start? Does the counter start upon enabling the policy or will it force the current users that havent changed their passwords to change?
1 Solution
To be clear - if you have no password expiry set on your network at the moment, and all of your users' passwords are older than 90 days, all of your users will be prompted to change their password on the next logon after you enable password expiry.

Depending on the size of your userbase, probably a better idea to manually expire your passwords in stages prior to enabling the overall policy - pick 20/50/100/whatever users at a time, and flag them for "user must change password at next logon."
solidrumorAuthor Commented:
Thanks this was the answer I was looking for.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now