Asfour Crystal asked:

reactivate changing password policy

Hello,
I have an issue in my environment, as I consider it a bug that my ex-manager decided to cancel the policy of changing the password for users every 42 days. Now we need to reactivate it again, but I'm asking about the effect when I do that, because we have 650 users. If I activate this policy, does it make all users change their password immediately, or will it count 42 days and then let users change it? My domain is Win2012R2 and 2016.

Thanks
Polydore Dracopoulos

It depends on what you want to change your password policy to.

If it is now 42 and you want to go to 30, anyone that is less than 12 days will have expired and needs to change it.
If you are going to 60... it will not affect anyone because they have another 18 days minimum to change it.
If you mean that the current password policy is "do not require password change" and no one changed for 6 months... then they will all have expired.

So the policy change does not RESET the expiration of the password, it just "calculates the difference."

Asfour Crystal (ASKER)

Many thanks sirdragon for your reply. Yes, in my situation it's completely disabled and equal to "password never expires". So if I apply the policy for the default 42 days, it'll ask all users to reset their password immediately, am I right?
Thanks

Yes... if this was done prior to 42 days, all passwords will immediately expire.

OK, is there a way to make this per group? Because if I apply it on the whole environment it'll give bad feedback, I think. I just need a way to reactivate this policy step by step.

No, unfortunately Password GPO is for the whole domain.

What you should do is have a mass mail sent to all users. Explain the situation and give them a specific date that they will need to do this.
If you have remote users, they may need a temp password if they use VPN or another solution to come in.

Many thanks sirdragon for your explanation.

> No, unfortunately Password GPO is for the whole domain.

Not necessarily. Create a fine-grained password policy and phase it in with my phase-in tool:
https://www.experts-exchange.com/articles/29716/Phasing-in-a-Group-Policy.html
https://blogs.technet.microsoft.com/canitpro/2013/05/29/step-by-step-enabling-and-using-fine-grained-password-policies-in-ad/
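
The "calculates the difference" behaviour discussed in this thread can be checked before the policy is switched on. The following is an added example, not code from any poster or from the linked articles: the function name `Get-PasswordExpiryImpact` and the sample accounts are hypothetical, and it assumes expiry is simply the last password change plus the maximum password age.

```powershell
# Added example: estimate who is affected before enabling a maximum password age.
# Input objects need SamAccountName, PasswordLastSet, PasswordNeverExpires and Enabled,
# the same property names Get-ADUser returns.
function Get-PasswordExpiryImpact {
    param(
        [Parameter(Mandatory)] [object[]] $User,
        [int] $MaxPasswordAgeDays = 42,
        [datetime] $AsOf = (Get-Date)
    )
    foreach ($u in $User) {
        if (-not $u.Enabled) { continue }   # disabled accounts are skipped
        $expires = $null
        if ($u.PasswordNeverExpires) {
            # Per-account flag: the domain maximum age does not apply.
            $status = 'Exempt (password never expires flag)'
        }
        elseif ($null -eq $u.PasswordLastSet) {
            # No last-set date: account is already set to change at next logon.
            $status = 'Must change at next logon already'
        }
        else {
            $expires = $u.PasswordLastSet.AddDays($MaxPasswordAgeDays)
            $status  = if ($expires -le $AsOf) { 'Expires immediately' } else { 'Expires later' }
        }
        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            PasswordLastSet = $u.PasswordLastSet
            ExpiresOn       = $expires
            Status          = $status
        }
    }
}

# Constructed sample accounts (not real data), evaluated as of a fixed date.
$asOf   = Get-Date '2024-06-01'
$sample = @(
    [pscustomobject]@{ SamAccountName='user.a'; PasswordLastSet=(Get-Date '2023-11-15'); PasswordNeverExpires=$false; Enabled=$true }
    [pscustomobject]@{ SamAccountName='user.b'; PasswordLastSet=(Get-Date '2024-05-20'); PasswordNeverExpires=$false; Enabled=$true }
    [pscustomobject]@{ SamAccountName='svc.c';  PasswordLastSet=(Get-Date '2022-01-10'); PasswordNeverExpires=$true;  Enabled=$true }
    [pscustomobject]@{ SamAccountName='user.d'; PasswordLastSet=$null;                   PasswordNeverExpires=$false; Enabled=$true }
)
Get-PasswordExpiryImpact -User $sample -MaxPasswordAgeDays 42 -AsOf $asOf |
    Format-Table SamAccountName, ExpiresOn, Status -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# $real = Get-ADUser -Filter * -Properties PasswordLastSet, PasswordNeverExpires
# Get-PasswordExpiryImpact -User $real | Group-Object Status | Select-Object Count, Name
```

The count of "Expires immediately" accounts is the number of users who would be prompted as soon as the policy applies, which helps size the mass mail and help-desk load mentioned above.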