Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

When implementing a 90 day password change in a GPO does it take effect immediately??

Posted on 2009-04-08
3
Medium Priority
?
319 Views
Last Modified: 2013-12-12
We are getting ready to implement a 90 day password change in a GPO and was wondering that when we put this in place does it prompt everyone who's password is 90 days or older immediately??  Or is it 90 days from when it was implemented??

Thanks in advance for your help.
0
Comment
Question by:bob_kochanski
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 400 total points
ID: 24098186

The password age is determined using the pwdLastSet attribute on the user's properties. As such, if a user's password was changed 90 days or more ago, their password will be considered expired when the policy is implemented and they will be prompted at next login to change their password.

-Matt
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 24098295
Matt is right on,
Before you do this you may want to run a report using a tool called old computer by MVP Joe Richards
Then you can get a sense of how many users haven't set their passwords in certain amount of days
http://www.joeware.net/freetools/tools/oldcmp/index.htm
oldcmp -report -users -age <specify days here>
 or if you want to run a report and dump all the pwdlastset attributes into an easy excel file use Joe's adfind
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -default -f  "&(objectcategory=person)(objectclass=user)" samaccountname pwdlastset -tdca -nodn -csv >  c:\users.csv
Thanks
Mike
 
0
 

Author Closing Comment

by:bob_kochanski
ID: 31568068
Thank you gentlemen.  Appreciate the quick response.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question