• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 183
  • Last Modified:

Domain Controller Issue

We had Toronto office in which users passwords expired without giving
them a password change warning.
Is it something I need to set on the Toronto AD controller  to receive that message?
1 Solution
Mike KlineCommented:
You can set a group policy against the Toronto machines (not sure what you have set now)
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
The setting is >> Interactive logon: Prompt user to change password before expiration
Usually we set this policy while enabling the domain password policy. If you did the samething then the policy is at the domain level which should apply to all your domain controllers. Unless you have a separate GPO link only to the Domain Controllers OU or have no GPO that specifically configured this Interactive Logon for prompting user to change password before expiration, or you unless you have moved your Toronto DC out of the domain contorllers OU, otherwise all users should get the Prompt to change password. You can verify this by verify a machine that gets the prompt against the one that does not and see what policies are applied to them, use the GPRESULT at the command prompt. Or if you have GPMC, take a look at the setting of your default doamin policy or the policy that you have the password policy configured would be a good start.
kiran_kumar01Author Commented:
Hi All,

The policy was set at domain level. The problem was with replication to this particular DC.

Thanks for all your help


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now