I have what is probably a stupid question so forgive me. Our domain has never enforced password changes or password complexity requirements. As we've grown we've realized the need for such policy. We're planning this change for the near future and I want to ensure that we don't suddenly have 1000+ users all needing to change their password simultaneously.
If we set the maximum password age at 90 days (for example) with complexity etc and then enforce the domain password policy, is that going to essentially "start the timer" for our users or will most of them (who've been here longer than 90 days) suddenly be non-compliant and be forced to change their password the next time they log in? That's the situation we'd like to avoid if possible.
Any help would be appreciated!!!