Solved

Is there a way to have Windows Server 2008 R2 do a mass notificatioin of a change in the password policy?

Posted on 2015-01-28
3
49 Views
Last Modified: 2015-02-12
We have set up a new password policy on a Windows Server 2008 R2 Domain. Part of that policy is to change there passwords after 90 days, but since all the users have existing passwords that are older than 90 days, the rule will initial right away, we think. We did a test today, and one user was not able to log into their workstation since the password policy had been applied to them. We had to go into ADUC and reset the password. Then the user could log into the Domain with the new password, but they were asked to change the password we had set. So, Is there a way to allow users to change the passwords on their own when the 90 day trigger hits, without the Domain admin having go into ADUC and reset each user? Thanks in advance. Joe W. \ Safe Harbor
0
Comment
Question by:zargf8ns
3 Comments
 
LVL 4

Expert Comment

by:Praveen Kumar Bonala
Comment Utility
Hi,
It should ask to change password if it expires, please check the user properties weather user allowed to change password or not?
Please check following link to reset password of all users at a time:
http://www.petenetlive.com/KB/Article/0000497.htm
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
Comment Utility
This is a default mechanisum in Active Directory. When a users password expires they automatically get prompted to reset there password. The user can also change their own password at any time as well by press crtl+alt+del and choosing change password.

You can also use a 3rd party password self service product like SpecOps or Microsoft FIM. This will allow a user to also change there password if they have forgotten it or if they have locked their account out.

Will.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
The usual rule is once an admin sets the password the user is prompted to change the password at next login (good security policy to keep as this way only the user knows their own password)
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now