Re: PwdLastSet

The 90 day policy would apply immediately, it checks the pwdLastSet and if > 90 days, the account is expired, regardless of when they last changed their password or when the policy was set.

If an account isn't expiring it is one of a few things

1. The account is personally configured not to expire

2. The DC the users are authenticating against is not using the same policy as the rest of the domain because something is broken.

joe





--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Paul Bergson wrote:
If they had a password and then the policy was changed to 90 days from some longer timespan or never expire the 90 day policy won't be applied until they next change their password.

.

Relevant Pages

  • Re: PwdLastSet
    ... If an account isn't expiring it is one of a few things ... The account is personally configured not to expire ... policy as the rest of the domain because something is broken. ... Joe Richards Microsoft MVP Windows Server Directory Services ...
    (microsoft.public.win2000.active_directory)
  • Re: Password expires for no apparent reason
    ... Sorry to be vague Harj. ... But - I want the passwords to never expire. ... policy that has set the values to what you see below meaning that users ... As Harj said Account lockouts could potentially be a problem as perhaps ...
    (microsoft.public.windows.server.active_directory)
  • Re: Security Alert: Windows 2000 Expired Password Vulnerability
    ... I have never seen a password expire for a windows user account where there ... You might check your policy again. ... I am not familiar with Norton vpn client but with the built in W2K/XP Pro ...
    (microsoft.public.win2000.security)
  • Re: password expiration
    ... If the userid is set to not expire, ... override any policy you set. ... >Joe Richards Microsoft MVP Windows Server Directory ... >> setting checked on the user account. ...
    (microsoft.public.win2000.active_directory)
  • Re: password expiration
    ... If the userid is set to not expire, that will override any policy you set. ... Joe Richards Microsoft MVP Windows Server Directory Services ... > setting checked on the user account. ...
    (microsoft.public.win2000.active_directory)
Loading