Solved

Expiration Date when Password Never Expires is Unchecked

Posted on 2008-10-13
2
757 Views
Last Modified: 2013-12-04
Most of our users have "Password Never Expires" checked in their account properties. Currently, our password policy will prompt the user to change the password every 90 days. If a user has a password that is over 90 days old and their password is set to never expire, will that user recieve a prompt to change their password the first time that the user attempts to login if the "Password Never Expires" check is removed from their account?

If someone knows the answer to this, could they also provide a link so that I can read up on this?
0
Comment
Question by:Joseph Moody
2 Comments
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 22703870
Password expirations are based on the value of the pwdAge attribute, which is computed based on the date/time that the password was last set/changed. Once the "Password never expires" check-box is removed, if the account has a pwdAge value that is older than the maximum password age configured in your Domain Password Policy, the account will be prompted to change its password on next logon.

If you have a significant number of user accounts that fall under this criteria, recommend that you stage the removal of the "Password Never Expires" flag in a gradual manner so that your help desk is not overwhelmed with support calls.
0
 
LVL 22

Author Closing Comment

by:Joseph Moody
ID: 31505605
That was exactly what I needed! Thanks!
0

Join & Write a Comment

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now