Solved

Expiration Date when Password Never Expires is Unchecked

Posted on 2008-10-13
2
766 Views
Last Modified: 2013-12-04
Most of our users have "Password Never Expires" checked in their account properties. Currently, our password policy will prompt the user to change the password every 90 days. If a user has a password that is over 90 days old and their password is set to never expire, will that user recieve a prompt to change their password the first time that the user attempts to login if the "Password Never Expires" check is removed from their account?

If someone knows the answer to this, could they also provide a link so that I can read up on this?
0
Comment
Question by:Joseph Moody
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 22703870
Password expirations are based on the value of the pwdAge attribute, which is computed based on the date/time that the password was last set/changed. Once the "Password never expires" check-box is removed, if the account has a pwdAge value that is older than the maximum password age configured in your Domain Password Policy, the account will be prompted to change its password on next logon.

If you have a significant number of user accounts that fall under this criteria, recommend that you stage the removal of the "Password Never Expires" flag in a gradual manner so that your help desk is not overwhelmed with support calls.
0
 
LVL 22

Author Closing Comment

by:Joseph Moody
ID: 31505605
That was exactly what I needed! Thanks!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

761 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question