Solved

fine grain policy and password expiration warning

Posted on 2014-03-05
4
1,532 Views
Last Modified: 2014-03-21
We have a fine grain password policy implemented in our domain (require password change every 90 days), That's working fine but now we need to inform users x days out that their password is going to expire.

If we set the domain GPO
interactive logon: Prompt user to change password before expiration
for 10 days will it see the expiration day in the fine grain password policy and inform users 10 days out that their password is going to expire? Or does this setting only work for the default domain password policy? If this setting does not work with fine grain password policy what options do we have for informing the users that their password is going to expire?
0
Comment
Question by:iamuser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 55

Expert Comment

by:McKnife
ID: 39908770
Should work with PSO ("fine-grained..."), too. Please take a test account, a test PSO and try it out.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 39911258
I saw all the attribute of PSO again but could not find similar that will remind that speicific FGPP user hence the GPO configured in Domain policy should work to FGPP users too
0
 
LVL 4

Expert Comment

by:michaelalphi
ID: 39911724
Hi Iamuser,
You can have check this password expiration reminder software which would be a good choice for you. By using this software, users will get notification through customized emails before their password is about to expire in X days.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39911930
Though you are using FGPP, the password is stored in active directory only

Now if you set GPO to prompt users for password expiration, it must apply to FGPP also as long as it is storing password in active directory

Mahesh
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question