<div>
<div class="content wysiwyg-content">
Scenario is existing environment with 2 2003 domain controllers that have had no password policy in the past and most users were set individually over several years to not be able to change passwords and for password not to expire.<br />
<br />
Password policy was set for complexity, remember 6 passwords and maximum password age 15 days and minimum 0 days.<br />
<br />
The plan was to give everyone a couple weeks to reset their passwords; however instead it started forcing users to reset passwords immediately.<br />
<br />
Does minimum and maximum start counting down from policy initialization or from original account creation? I ask because the max number is 999 that can be assigned to the max password age and some of these accounts have been around much longer than that and will all be forced immediately regardless of setting if that is the case. <br />
<br />
Any suggestions on how to give all domain users 2 weeks to change password without having to manually intervene in 2 weeks to force them?
</div>
</div>


Scenario is existing environment with 2 2003 domain controllers that have had no password policy in the past and most users were set individually over several years to not be able to change passwords and for password not to expire.

Password policy was set for complexity, remember 6 passwords and maximum password age 15 days and minimum 0 days.

The plan was to give everyone a couple weeks to reset their passwords; however instead it started forcing users to reset passwords immediately.

Does minimum and maximum start counting down from policy initialization or from original account creation? I ask because the max number is 999 that can be assigned to the max password age and some of these accounts have been around much longer than that and will all be forced immediately regardless of setting if that is the case. 

Any suggestions on how to give all domain users 2 weeks to change password without having to manually intervene in 2 weeks to force them?

Default domain password policy

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

Microsoft Legacy OS

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.