[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 320
  • Last Modified:

When implementing a 90 day password change in a GPO does it take effect immediately??

We are getting ready to implement a 90 day password change in a GPO and was wondering that when we put this in place does it prompt everyone who's password is 90 days or older immediately??  Or is it 90 days from when it was implemented??

Thanks in advance for your help.
0
bob_kochanski
Asked:
bob_kochanski
2 Solutions
 
tigermattCommented:

The password age is determined using the pwdLastSet attribute on the user's properties. As such, if a user's password was changed 90 days or more ago, their password will be considered expired when the policy is implemented and they will be prompted at next login to change their password.

-Matt
0
 
Mike KlineCommented:
Matt is right on,
Before you do this you may want to run a report using a tool called old computer by MVP Joe Richards
Then you can get a sense of how many users haven't set their passwords in certain amount of days
http://www.joeware.net/freetools/tools/oldcmp/index.htm
oldcmp -report -users -age <specify days here>
 or if you want to run a report and dump all the pwdlastset attributes into an easy excel file use Joe's adfind
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -default -f  "&(objectcategory=person)(objectclass=user)" samaccountname pwdlastset -tdca -nodn -csv >  c:\users.csv
Thanks
Mike
 
0
 
bob_kochanskiAuthor Commented:
Thank you gentlemen.  Appreciate the quick response.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now