?
Solved

Active Directory Password Policy Changes

Posted on 2009-05-20
3
Medium Priority
?
954 Views
Last Modified: 2013-12-04
If I change our current password policy, will it affect accounts I have that are currently set for their password to never expire? Also, once the policy is changed, will everyone have to change their password immediatley IF their current password does not meeet the new policy?
0
Comment
Question by:michd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24435197
It depends on what changes you are making
Are you going to change maximum password age?
Passwords that are set to not expire won't be affected there.
Thanks
Mike
0
 
LVL 26

Accepted Solution

by:
Pber earned 2000 total points
ID: 24435209
If people have password set to never expire, they will not be required by the policy to set a password.  If the user's password doesn't meet the new password requirements, they will not be required to change their password immediately.  when their password expires, they will require to have a password that meets the requirements.
The only time the user will be forced to immdiately change their password when you change the policy is if you change the Max password age to less than their current password age.
0
 
LVL 18

Expert Comment

by:Americom
ID: 24435578
1. As stated from the above experts, user account with "password never expire" will not be affected when you enable password policy. It just that when the user decide to change password, it must be complied with the password policy such as the complex password requirement.
2. Again, as stated from above experts, enabling the password policy will not cause user to change password immediately
3. If user change password and does not follow the complex password requirements, then they would get a popup message as show in the screen capture. If user are not aware of this and did not pay much attention, they could get locked depending the number of attempt you have set in the password policy.
ComplexPassword.bmp
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month10 days, 10 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question