I'm trying to explain to our tech's how domain user password expirations are set up.
From what I'm seeing, from a 30,000 foot level, here's how it may work:
The User account can have the account options so the password set.to never expire in AD.
There is no password maximum age setting here.
The maximum age for passwords on a Computer can be set by GPO(s).
So, what happens if a user logs onto a computer with account setting of "password to never expires" in AD but has an age that's exceeds what's set in the Computer? What happens?