Windows Server 2003
Windows Server 2003

In DC - user must change password at next logon

Dear All,

Good Day,

When new user accounts are created, we set a temporary password and check the "User must change password at next logon" box on the user account. In this default domain policy, account passwords expire every 30 days or not. if not how to set account passwords expire every 30 days.

Waiting for your reply

Thanks
Kumar

Ram Kumar ChellamSr. System AdministratorAsked: 2012-12-22

Who is Participating?

LVL 15

achaldaveCommented: 2012-12-22

You need to configure password policy GPO, if you are going to use same policy for all users in domain then you can use default domain policy otherwise you need to create different policies and apply them to OUs.
If you change default domain policy, make sure you set "password never expired" option on service accounts otherwise you need to change service accounts password and reconfigure services every X number of days specified in the policy. When set option "Password never expires" the option overrides the group policy setting applied to account.

http://technet.microsoft.com/en-us/library/cc736605%28WS.10%29.aspx

LVL 2

GanparCommented: 2012-12-22

You can check the default domain policy setting on

http://technet.microsoft.com/en-us/library/4695b475-f87e-45c5-93c7-49af2f94215f(v=ws.10)#BKMK_Pwd

You can edit this policy using gpmc tool. If you have windows server 2003 download GPMC -

http://www.microsoft.com/en-us/download/details.aspx?id=21895

Please note you must be a member of "Domain Admin" or "Enterpriese Admin" group

LVL 42

footechCommented: 2012-12-23

Unless your domain functional level is 2008 you can only have one password policy for all users. If the level is 2008+, then you can utilize fine-grained password policies to apply to different users.
http://blogs.technet.com/b/seanearp/archive/2007/10/06/windows-server-2008-fine-grained-password-policy-walkthrough.aspx