tabush

Enabling AD password policy - (ET)

I'm putting in a new Active Directory password policy (via Group Policy). One of the settings is max password age = 180.
When I enable this, will it immediately expire (or at next GP update) any passwords that are over 180 days old?
Windows Server 2012, Active Directory

Last Comment
tabush

8/22/2022 - Mon
SOLUTION
Mahesh

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
tabush

ASKER
Our current policy is 365 days.
Mahesh

Then it will effect reversely
tabush

ASKER
Meaning if a user hasn't changed their password in 250 days, it will expire immediately?
ASKER CERTIFIED SOLUTION
Mahesh

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Mahesh

What you can do: you can configure an FGPP with the required config (90 days; this is the standard I follow rather than 180) if possible, and target chunks of users (groups containing users) with this FGPP, which forces them to reset their passwords. Maybe you can inform them in advance.
Once you have done all users this way, change the default password policy expiration to the same as defined in the FGPP.
Since both policies are the same, you would be fine.
tabush

ASKER
Thanks for the help. I found an AD attribute for last password change that I can modify.

The reason I don't want to expire right away is I'm using a tool that notifies users in the last 10 days of expiration, and if it expires right away they don't get that notification beforehand.
I'll change the attribute to 170 days, then implement this policy so they have enough warning that their password is expiring.
Mahesh

That will do the trick.
By the way, how are you resetting this value?
Are you using any 3rd party tools?
tabush

ASKER
I haven't done it yet, but I was planning on changing them manually.
I have a reporting tool that can tell me the password age for all users though. http://www.cjwdev.com/Software/ADTidy/Info.html
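
A read-only way to preview the effect discussed in this thread before the policy is changed, as an added example that is not part of the original posts: it buckets accounts by password age against the proposed 180-day maximum and the 10-day notice window. It assumes expiry is the last-set time plus the maximum age and that no FGPP overrides the domain policy; the function name `Get-PasswordAgeImpact` and the sample accounts are constructed.

```powershell
# Added example (not from the thread): classify accounts by how a proposed
# maximum password age would treat them, based on PasswordLastSet.
function Get-PasswordAgeImpact {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int]      $NewMaxAgeDays = 180,        # proposed value from the question
        [int]      $NoticeDays    = 10,         # notification window from the thread
        [datetime] $AsOf          = (Get-Date)
    )
    process {
        $age = $null; $daysLeft = $null
        if ($User.PasswordNeverExpires) {
            $status = 'Exempt: password never expires'
        } elseif ($null -eq $User.PasswordLastSet) {
            # Get-ADUser returns no PasswordLastSet when a change is already forced
            $status = 'Must change at next logon'
        } else {
            $age      = [int][math]::Floor(($AsOf - $User.PasswordLastSet).TotalDays)
            $daysLeft = $NewMaxAgeDays - $age
            if     ($daysLeft -le 0)           { $status = 'Expired once policy applies' }
            elseif ($daysLeft -le $NoticeDays) { $status = 'Inside notice window' }
            else                               { $status = 'OK' }
        }
        [pscustomobject]@{
            SamAccountName  = $User.SamAccountName
            PasswordAgeDays = $age
            DaysLeft        = $daysLeft
            Status          = $status
        }
    }
}

# Constructed sample accounts (hypothetical names), evaluated at a fixed date
$asOf   = [datetime]'2022-08-22'
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; PasswordLastSet = $asOf.AddDays(-250); PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'bob';   PasswordLastSet = $asOf.AddDays(-175); PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'carol'; PasswordLastSet = $asOf.AddDays(-30);  PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'svc01'; PasswordLastSet = $asOf.AddDays(-900); PasswordNeverExpires = $true  }
    [pscustomobject]@{ SamAccountName = 'dave';  PasswordLastSet = $null;               PasswordNeverExpires = $false }
)
$sample | Get-PasswordAgeImpact -AsOf $asOf | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties PasswordLastSet, PasswordNeverExpires |
#     Get-PasswordAgeImpact | Where-Object Status -ne 'OK'
```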