Implement domain password policy

Posted on 2011-10-09
Last Modified: 2012-05-12
I am about to implement a domain password policy.

Problem is I have too many roaming users and when I implement, they will all call to have their passwords reset.

Is there anyway to implement the policy, but give users X days notice before hand? Like how when their new password is due to expire, they get 14 days worth of reminders.
Question by:Mayogroup
    LVL 3

    Accepted Solution

    Assuming your users passwords already expire after X days, you could just implement the policy and users will be forced to change their passwords at the same time they would have anyways. This time with the new policy.

    Your will run into a problem if there are users who's passwords don't already expire

    I believe that expiring an account and then un-expiring the account will reset the password set date, but i'm not able to test at the moment. You can test by setting a test account to expire and then removing the expiry after it expires. Use the "net user" command as described in the KB above, but add the switch "/domain" to verify

    Author Comment

    Current passwords to not expire. I will try test.

    Author Comment

    If I ask everyone to Reset passwords now, will they be asked again when I implement the policy? (providing the password they use meets the new complexities?
    LVL 3

    Assisted Solution

    No. Unless their passwords are now expired under the new policy.

    If you ask them to reset today and then set a 60 day policy 30 days from now. Everyone will be forced to change their passwords 30 days later (because the passwords have now reached their max age). At that point they will need to choose passwords that meet the complexity policy

    Author Comment

    Is an option to setup a temporary web portal so user can change externally for the initial implementation?

    Featured Post

    Want to promote your upcoming event?

    Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

    Join & Write a Comment

    I have been working as System Administrators since 2003. I recently started working as a FreeLancer and was amazed to find out that very few people are taking full advantage of their Windows Server Machines. Microsoft Windows Server comes with so…
    If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
    This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
    This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now