We had originally set a GPO policy to require users to change passwords every 90 days. However upper management has required us to extend that time frame. The issue is I have modified the GPO to the new time frame but users and still getting prompted to change after 90 days. I ran RSOP against several machines and it reports the new maximum password age but if I run a vb script (see below) that checks my maximum passwords age it reports back 90 days. DC is W2K.
What/where am I missing something?
' First, get the domain policy.
strDomainDN = "YOURDOMAIN"
strUserDN = strDomainDN & "/CN=John Doe,CN=Users,DC=YOURDOMAIN,DC=COM"
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
' Calculate the number of days that are
' held in this value.
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
WScript.Echo "Maximum Password Age: " & numDays
' Determine the last time that the user
' changed his or her password.
Set oUser = GetObject("LDAP://" & strUserDN)
' Add the number of days to the last time
' the password was set.
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
WScript.Echo "Password Expires On: " & whenPasswordExpires
' Clean up.
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing