Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is there a way to have Windows Server 2008 R2 do a mass notificatioin of a change in the password policy?

Posted on 2015-01-28
3
Medium Priority
?
61 Views
Last Modified: 2015-02-12
We have set up a new password policy on a Windows Server 2008 R2 Domain. Part of that policy is to change there passwords after 90 days, but since all the users have existing passwords that are older than 90 days, the rule will initial right away, we think. We did a test today, and one user was not able to log into their workstation since the password policy had been applied to them. We had to go into ADUC and reset the password. Then the user could log into the Domain with the new password, but they were asked to change the password we had set. So, Is there a way to allow users to change the passwords on their own when the 90 day trigger hits, without the Domain admin having go into ADUC and reset each user? Thanks in advance. Joe W. \ Safe Harbor
0
Comment
Question by:zargf8ns
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
ID: 40576482
Hi,
It should ask to change password if it expires, please check the user properties weather user allowed to change password or not?
Please check following link to reset password of all users at a time:
http://www.petenetlive.com/KB/Article/0000497.htm
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 40576483
This is a default mechanisum in Active Directory. When a users password expires they automatically get prompted to reset there password. The user can also change their own password at any time as well by press crtl+alt+del and choosing change password.

You can also use a 3rd party password self service product like SpecOps or Microsoft FIM. This will allow a user to also change there password if they have forgotten it or if they have locked their account out.

Will.
0
 
LVL 83

Expert Comment

by:David Johnson, CD, MVP
ID: 40576530
The usual rule is once an admin sets the password the user is prompted to change the password at next login (good security policy to keep as this way only the user knows their own password)
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question