Re: PwdLastSet
- From: "Paul Bergson" <pbergson@xxxxxxxxxx>
- Date: Sat, 4 Mar 2006 18:14:11 -0600
This is news to me. I have been told passwords aren't impacted until they
are changed.
--
Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
http://www.pbbergs.com/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:eIHfsi%23PGHA.4952@xxxxxxxxxxxxxxxxxxxxxxx
The 90 day policy would apply immediately, it checks the pwdLastSet and if
> 90 days, the account is expired, regardless of when they last changed
their password or when the policy was set.
If an account isn't expiring it is one of a few things
1. The account is personally configured not to expire
2. The DC the users are authenticating against is not using the same
policy as the rest of the domain because something is broken.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Paul Bergson wrote:
If they had a password and then the policy was changed to 90 days from
some longer timespan or never expire the 90 day policy won't be applied
until they next change their password.
.
- Follow-Ups:
- Re: PwdLastSet
- From: Joe Richards [MVP]
- Re: PwdLastSet
- References:
- Re: PwdLastSet
- From: Joe Richards [MVP]
- Re: PwdLastSet
- Prev by Date: Re: Query Active Directory, Upcoming Expired Accounts
- Next by Date: Re: AD distribution and security group usage
- Previous by thread: Re: PwdLastSet
- Next by thread: Re: PwdLastSet
- Index(es):
Relevant Pages
|
