AD password expiration warnings are gone

We changed, our password policy to change password every 60 days.
But the users are not getting the pop-up to let us know a few days ahead to change the PW.

Some users get the pop-up and some don't.
I noticed in the 'default policy' on the DC, that:  Interactive Login:  prompt user to change PW before expiration'  is not enabled.

Does that have to be enabled, and why are some users getting the pop-up and others are not?


We have Server 2003 DC's.
Who is Participating?
Santosh GuptaConnect With a Mentor Commented:
Strange !!!

Do you have the GPMC console installed, if yes then check from their.

run DCDIAG /V and see the erros.
Santosh GuptaCommented:
please run the RSOP.MSC and see if policy is applying to users.
It may be because some of your users don't log off. The prompt would appear when they login so if they never log off then they may never see the warning.


Also, have you manually ran a group policy update on the users computer?

gpupdate /force
Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

techgeniousAuthor Commented:
I ran RSOP.msc and under 'Source GPO' it is blank meaning this is not set at the DC, default   domain Policy.

the user has logged off and logged on.   Still no message.
I also check:
-- Default Domain Controller Security Settings [blank]
-- Domain Security Policy [blank]

The above two on the DC.

Could it be it is set on the users computers:  Local Policies > security options?
Santosh GuptaCommented:
what do you mean by blank ?? seems policy is not set or reset to default.

pls expand the "Domain Security Policy" and verify these policies are there.

Also check
 Computer Configuration\Windows Settings\Local Policies\Security Options under Interactive Logon: Prompt user to change password before expiration.
is configured.
techgeniousAuthor Commented:
This is 2003 DC's, picture does not appear the same.

techgeniousAuthor Commented:
Okay I will check it out, remember this is server 2003 DC's.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.