Expiration Date when Password Never Expires is Unchecked

Most of our users have "Password Never Expires" checked in their account properties. Currently, our password policy will prompt the user to change the password every 90 days. If a user has a password that is over 90 days old and their password is set to never expire, will that user recieve a prompt to change their password the first time that the user attempts to login if the "Password Never Expires" check is removed from their account?

If someone knows the answer to this, could they also provide a link so that I can read up on this?
LVL 22
Joseph MoodyBlogger and wearer of all hats.Asked:
Who is Participating?
 
LauraEHunterMVPCommented:
Password expirations are based on the value of the pwdAge attribute, which is computed based on the date/time that the password was last set/changed. Once the "Password never expires" check-box is removed, if the account has a pwdAge value that is older than the maximum password age configured in your Domain Password Policy, the account will be prompted to change its password on next logon.

If you have a significant number of user accounts that fall under this criteria, recommend that you stage the removal of the "Password Never Expires" flag in a gradual manner so that your help desk is not overwhelmed with support calls.
0
 
Joseph MoodyBlogger and wearer of all hats.Author Commented:
That was exactly what I needed! Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.