When implementing a 90 day password change in a GPO does it take effect immediately??

We are getting ready to implement a 90 day password change in a GPO and was wondering that when we put this in place does it prompt everyone who's password is 90 days or older immediately??  Or is it 90 days from when it was implemented??

Thanks in advance for your help.
bob_kochanskiAsked:
Who is Participating?
 
tigermattConnect With a Mentor Commented:

The password age is determined using the pwdLastSet attribute on the user's properties. As such, if a user's password was changed 90 days or more ago, their password will be considered expired when the policy is implemented and they will be prompted at next login to change their password.

-Matt
0
 
Mike KlineConnect With a Mentor Commented:
Matt is right on,
Before you do this you may want to run a report using a tool called old computer by MVP Joe Richards
Then you can get a sense of how many users haven't set their passwords in certain amount of days
http://www.joeware.net/freetools/tools/oldcmp/index.htm
oldcmp -report -users -age <specify days here>
 or if you want to run a report and dump all the pwdlastset attributes into an easy excel file use Joe's adfind
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -default -f  "&(objectcategory=person)(objectclass=user)" samaccountname pwdlastset -tdca -nodn -csv >  c:\users.csv
Thanks
Mike
 
0
 
bob_kochanskiAuthor Commented:
Thank you gentlemen.  Appreciate the quick response.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.