Changing password complexity on a Windows domain

Hi,

We're going to enable password complexity for our domain. We're going to ask users to change their password (make them complex) 2 weeks before making change. We will also do the same for any service accounts that aren't. Assuming all passwords have been changed we shouldn't notice anything when we do make change. Though i guess it will force password changes for accounts that have not changed passwords?  Sound Ok and/or are we missing anything? Any gotchas to be aware of?

Thanks
kswan_expertAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Though i guess it will force password changes for accounts that have not changed passwords?

The above statement is false. Setting a Password policy will not force users to change their passwords. Even if the user currently is using a password that is not as complex as the new policy they will be able to use this password until it expires and they are forced to change it.

The only way they will be required to create a new password with the password complexity applied is when it expires.

You can however force a password change for all users and then they will be forced to change the password and use the complexity policy. If you want to do this you need to force the users after you have made the policy change.

Any gotchas to be aware of?
Make sure that you are careful with Service Account passwords and that you update them accordingly for all places where they are being used. Also they should have their password set to "never expire".

Will.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
compdigit44Commented:
The following link shows how to force a password change on all user via the GUI and powershell..


http://www.top-password.com/blog/force-all-ad-user-accounts-to-change-passwords-at-next-logon/
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.