asked on

Microsoft Active Directory Password Account Policy set

I have a 2008 Active Directory. I am changing my domain user Account Password Policy. for a year the "Max password age" and Min Password age" wasnt set and I would like to change the max=90 and min =2.

If I change the settings, will the end user require to change their password right away? or the AD will prompt to change in 90 days?

My plan is to turn on the 90 day rule to change the user password but does not require to change their password now. How do I accomplish that? please advise.

Thank You
Collin

jkaios

As far as I know, setting that policy will take effect right from the moment it is set and saved so that means the user will be prompted to change his/her password after the 90-day lapsed. But in any case, I would just try it and see if that's true and note it, and you can always revert the setting back to where it was before.

Collin Mendoza

ASKER

I enable the 90 day rule and immediately prompt the user that the account expired when trying to login.

Did I missed something ?

jkaios

It may be because your Minimum password age threshold is too low, so try setting it to a higher number like 7 or 14.

Collin Mendoza

ASKER

When does the password policy takes effect if I set the max age = 90 and min age = 2+?

Does the user require to change their password on next login or close to 90 days?

SOLUTION

jkaios

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Collin Mendoza

ASKER

What if the user account pwdlastset has a date of 2011, if I enable the 90 day rule today, will the user be prompt to change their password on next login?

Is there a way to reset the pwdlastset for all user to today's date?

ASKER CERTIFIED SOLUTION

dan_blagut

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial