Seth Simmons
asked on
fine-grained password policy not working?
last week enabled fine-grained password policies to change password after 999 days. when I do a powershell query for password expiration, it now shows my password expires May 1, 2022. When I do Get-ADUserResultantPasswor dPolicy for my account it shows the correct password policy. However, when I login to vCenter, it says my password expires in 11 days (and has been decremental every day). When I view through 'net user' it shows my password expires in 11 days on February 2. How is that possible?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Why delete? The reason is that both methods don't know how to deal with PSOs, as said.
ASKER
then i would have expected a different outcome with vCenter
I expected that outcome. VCenter reads the classic policy just as net user does.
So what did you expect to happen? After 11 days, vcenter will not do anything since vcenter relies on AD, after all. Since your password is not expired in AD, nothing happens. Just as expected.
Again: the warnig in vcenter comes because vcenter tries to help you by reading out the (wrong) classical password policy. However, nothing happened after 11 days, because it's not vcenter that governs access, but AD and AD uses the correct policy.
So what did you expect to happen? After 11 days, vcenter will not do anything since vcenter relies on AD, after all. Since your password is not expired in AD, nothing happens. Just as expected.
Again: the warnig in vcenter comes because vcenter tries to help you by reading out the (wrong) classical password policy. However, nothing happened after 11 days, because it's not vcenter that governs access, but AD and AD uses the correct policy.
ASKER
yeah i was figuring that...i'll run it by vmware support