Elminster73
asked on
Resetting Domain password
Hi all,
I want my 200 domain users to change their password every 60 days but I need to ensure that some important users & the administrator accounts are not affected.
I am also aware that there is a option in the user properties " Password do not expire ". Would this option be override when a domain policy is implemented ?
Thanks.
I want my 200 domain users to change their password every 60 days but I need to ensure that some important users & the administrator accounts are not affected.
I am also aware that there is a option in the user properties " Password do not expire ". Would this option be override when a domain policy is implemented ?
Thanks.
Create a GPO that includes the requirements you have indicated. Appky the GPO to the specific users, leaving the Admin accounts not applied to the policy. As far as the passwords set to never expire, it all depends on what GPO the Admin accounts are set to follow.
Agree with MCSA, but I would create OU's first, one for normal users and other OU's for your service / admin accounts, this will be easier to manage than by individual accounts.
If you have windows 2000/2003 domain, password policy can only work when it is link to the domain level. One domain password policy per domain. Of course, if you have Windows 2008 domain then you are a bit more flexible when comes with doamin users password policy.
Also, yes, if you set the account password never expire, the GPO will not override this feature. However, it is generally not recommended but it can be avoided being prompt to change password.
btw, if password policy applied to OU with machines such as workstation or member servers, it affect the local users account of those machine but not domain users.
btw, if password policy applied to OU with machines such as workstation or member servers, it affect the local users account of those machine but not domain users.
ASKER
Hi all,
Thanks for your reply. But can someone tell me how to reset my 200 domain users password without afftecting the important accounts. Currently my servers are on Windows 2000 / 2003. Is there a script that I can use to make it simplier to reset them ?
Thanks.
Thanks for your reply. But can someone tell me how to reset my 200 domain users password without afftecting the important accounts. Currently my servers are on Windows 2000 / 2003. Is there a script that I can use to make it simplier to reset them ?
Thanks.
please read this article. on how to exclude specific users from a domain wide pwd policy
http://windowsitpro.com/article/articleid/98859/q-how-do-i-exclude-users-from-my-domain-password-policy-and-can-i-exclude-those-same-users-from-domain-policy-read-and-apply-permissions.html
http://windowsitpro.com/article/articleid/98859/q-how-do-i-exclude-users-from-my-domain-password-policy-and-can-i-exclude-those-same-users-from-domain-policy-read-and-apply-permissions.html
As I have mentioned in my above posts, you can exclude the user account from gettting prompt to chagne password by going to the user account object and check "Password never expire". This is the only way to exclude in a domain without using 3rd party product. Unless you have Windows 2008 as mentioned from my above post.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi guys,
Thank you very much for your help and helpful tips.
Thank you very much for your help and helpful tips.