Solved

Expiration Date when Password Never Expires is Unchecked

Posted on 2008-10-13
2
765 Views
Last Modified: 2013-12-04
Most of our users have "Password Never Expires" checked in their account properties. Currently, our password policy will prompt the user to change the password every 90 days. If a user has a password that is over 90 days old and their password is set to never expire, will that user recieve a prompt to change their password the first time that the user attempts to login if the "Password Never Expires" check is removed from their account?

If someone knows the answer to this, could they also provide a link so that I can read up on this?
0
Comment
Question by:Joseph Moody
2 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 22703870
Password expirations are based on the value of the pwdAge attribute, which is computed based on the date/time that the password was last set/changed. Once the "Password never expires" check-box is removed, if the account has a pwdAge value that is older than the maximum password age configured in your Domain Password Policy, the account will be prompted to change its password on next logon.

If you have a significant number of user accounts that fall under this criteria, recommend that you stage the removal of the "Password Never Expires" flag in a gradual manner so that your help desk is not overwhelmed with support calls.
0
 
LVL 22

Author Closing Comment

by:Joseph Moody
ID: 31505605
That was exactly what I needed! Thanks!
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question