Solved

Fine-grained Password Policies

Posted on 2011-09-29
4
623 Views
Last Modified: 2012-06-27
I have FGPP working fine but can expiry noticed by defined? There are many account that havent changed their password as we did nto have a policy in place. So, the immediately expire. Also, increasing the number of characters prevents a user from logging in.
0
Comment
Question by:timz955
4 Comments
 
LVL 9

Expert Comment

by:Lester_Clayton
ID: 36814785
Windows Operating systems will automatically suggest you change your password 10 or more days prior to your password being changed.  The reminder comes as a balloon tip in your system tray.  If you have disabled balloon tips, then these will never show.  If the user misses or ignores these suggestions, then they will be out of luck.  I know Netware used to give grace logins after the password expiry, but no such thing exists in AD.

Changing the number of characters should only affect the user if the user's password does not meet this new required number of characters - as his password no longer meets minimum requirements.
0
 

Author Comment

by:timz955
ID: 36814850
No. Actually, you need to set a GPO. After I apply, the FGPP, the account becomes unavailable if their password does not meet the criteria.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 36816685
I had thought that was the default behavior... Kinda like setting a 60 day password policy... When the existing password is already 75 days old, it is expired..... (May be wrong)

Perhaps a staged approach..... Warn them with some communication before hand?

0
 
LVL 79

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 36892395
They should be prompted for 'you must change your password before you login'

or you could use powershell to reset everyone's password and give the department heads the departments password that the user must change.

 
Set-AdUserPwd.ps1

    Function Set-AdUserPwd
    {
    Param(
    [string]$user,
    [string]$pwd
    ) #end param
    $oUser = [adsi]"LDAP://$user"
    $ouser.psbase.invoke("SetPassword",$pwd)
    $ouser.psbase.CommitChanges()
    } # end function Set-AdUserPwd
    Set-AdUserPwd -user "cn=john,ou=HQ_TestOU,dc=contoso,dc=com" -pwd P@ssword1

Open in new window

Get-SortedGroupMembership.ps1

    ([adsi]"LDAP://cn=HQTestGroup,ou=HQ_TestOU,dc=contoso,dc=com").member |

    ForEach-Object [adsi]"LDAP://$_" | sort name | select name

Open in new window

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now