Joel Brown
asked on
Server 2008 R2 Active Directory
I have an internal application which links with AD for the password and I'm finding that when the password expires in the middle of the day this causes problems. Is there a way to always make the password expire at midnight regardless of when the user changes it. Say they set it today ( 6/11/2013 ) at 11:05am and the system then sets the password to expire three months down the road at 9/11/2013 at 11:05am ..... I would prefer the password actually be set to expire at 9/11/2013 at midnight .......
What I'm finding is the users wait till the last minute to change their password and then they can't log into our internal app or exchagne in the middle of the day because the system has expired their password in the middle of the day ........
THanks .....
Joel T Brown
What I'm finding is the users wait till the last minute to change their password and then they can't log into our internal app or exchagne in the middle of the day because the system has expired their password in the middle of the day ........
THanks .....
Joel T Brown
ASKER
@ peter197911 , I would totally agree with you but as a single support for 110 staff of which 22 are doctors its sometimes easier to put things in place that make " MY " life easier when you can't force others to do what they should ......
THanks ....
Joel
THanks ....
Joel
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You won't be able to do this as you can't modify pwdlastset. I feel your pain and have some possible workarounds
1. Use finegrained passwords (FGPP) to set the Dr/VIP/biggest complainers to expire less frequently Maybe if your policy is every 90 days use a FGPP for 180 days for them
2. This way is not recommended but set their passwords to never expire on their AD account...again not recommended.
Thanks
Mike
1. Use finegrained passwords (FGPP) to set the Dr/VIP/biggest complainers to expire less frequently Maybe if your policy is every 90 days use a FGPP for 180 days for them
2. This way is not recommended but set their passwords to never expire on their AD account...again not recommended.
Thanks
Mike
Part of the problem: Users should change their password.
I think you can use this example to the company to show the importance of changing your password when windows asks for it.
And the users will have the problems theirselves....