Jeremyricci

2k3 AD Domain applying secure password policies - what to expect?

all,

I have what is probably a stupid question so forgive me. Our domain has never enforced password changes or password complexity requirements. As we've grown we've realized the need for such a policy. We're planning this change for the near future and I want to ensure that we don't suddenly have 1000+ users all needing to change their password simultaneously.

If we set the maximum password age at 90 days (for example) with complexity etc and then enforce the domain password policy, is that going to essentially "start the timer" for our users or will most of them (who've been here longer than 90 days) suddenly be non-compliant and be forced to change their password the next time they log in?  That's the situation we'd like to avoid if possible.

Any help would be appreciated!!!
Thomas Zucker-Scharff

We run a 2003 R2 server as our AD login verification. I have the password policy set for 90 days expiry. If I recall correctly (it's been a long time since I set it), it started the clock. But that still means that 90 days from the start date everyone will have to change their passwords. It is fairly easy to do and they are given notice, I believe, 2 weeks in advance (encourage people to start changing their passwords/passphrases as soon as they get the notice).
They will expire immediately if older than 90 days.
Jeremyricci

ASKER

McKnife, I don't follow.  Are you saying if we were to use 120 days or even 180 days, all the passwords will expire immediately but that will not happen if we use 90 days?

If so, do you know why that would be?  That seems crazy
ASKER CERTIFIED SOLUTION
McKnife

This solution is only available to members.
Since what Thomas remembered was not correct, it should not be selected as answer.
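
Added example, not part of the thread: a pre-rollout check that sorts accounts by what happens the moment a maximum password age takes effect, following the thread's statement that passwords older than the limit expire immediately. It assumes each account's `sAMAccountName`, `pwdLastSet` and `userAccountControl` have been exported from the directory; the sample accounts, the `NOW` date and the helper names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl bit: "password never expires"
NORMAL_ACCOUNT = 0x200           # userAccountControl bit: ordinary user account

def filetime_to_dt(ft):
    """pwdLastSet counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    td = dt - FILETIME_EPOCH
    return (td.days * 86400 + td.seconds) * 10_000_000

def classify(rows, max_age_days, now):
    """Group accounts by their state once max_age_days is enforced at `now`."""
    result = {"expired_now": [], "ok": [], "exempt": [], "must_change": []}
    limit = timedelta(days=max_age_days)
    for row in rows:
        name = row["sAMAccountName"]
        uac = int(row["userAccountControl"])
        last_set = int(row["pwdLastSet"])
        if uac & DONT_EXPIRE_PASSWORD:
            result["exempt"].append(name)        # max age does not apply
        elif last_set == 0:
            result["must_change"].append(name)   # already "change at next logon"
        elif now - filetime_to_dt(last_set) > limit:
            result["expired_now"].append(name)   # prompted at next logon
        else:
            result["ok"].append(name)
    return result

# Constructed sample data standing in for a directory export.
NOW = datetime(2010, 6, 1, tzinfo=timezone.utc)

def _row(name, days_old, uac=NORMAL_ACCOUNT):
    ft = dt_to_filetime(NOW - timedelta(days=days_old))
    return {"sAMAccountName": name, "pwdLastSet": str(ft),
            "userAccountControl": str(uac)}

SAMPLE = [
    _row("alice", 400),
    _row("bob", 30),
    _row("svc_backup", 900, NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD),
    {"sAMAccountName": "carol", "pwdLastSet": "0", "userAccountControl": "512"},
]

if __name__ == "__main__":
    for days in (90, 180, 500):
        print(days, classify(SAMPLE, days, NOW))
```

Running it with several candidate values for the maximum age shows how many users would be prompted on day one, which is the number the original question is trying to keep small.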