Link to home
Start Free TrialLog in
Avatar of elchermans
elchermansFlag for Canada

asked on

Active Directory - Administrators Password

Environment: Active Directory 2003 on Server 2003 SP2.

We know we can have only one Account policy in 2003, but we manually asked all Admins to use 16 chars complex password. Now the challenge is how we can force users to change their passwords after certain days. Not sure if this can be achieved using script which would prompt users to change password? Looking for a solution other then moving to server 2008
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

You can use maximum password age in the PW policy.

http://technet.microsoft.com/en-us/library/cc736566(v=ws.10).aspx

Thanks

Mike
ASKER CERTIFIED SOLUTION
Avatar of uescomp
uescomp
Flag of Afghanistan image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of elchermans

ASKER

Looking for a solution for a group of users not for whole domain.

Want my administrators to change password every 20 days compared to account/password policy which says 90 days
It's a group policy

Computer settings => Windows settings => Security => Password settings

90 days is the maximum password age , in the same tab it's also possible to enforce the password history and if password complexity should be activated.

Also check out the link for password best practices

http://technet.microsoft.com/en-us/library/cc784090(WS.10).aspx