Re: Password never expires-can't force user to change password

From: Marsha (Marsha_at_discussions.microsoft.com)
Date: 01/10/05


Date: Mon, 10 Jan 2005 07:51:02 -0800

Please see my previous post. At this time, I am unaware of any other option
to control a domain password policy than at the user account level. If
anyone knows of another way, please let me know. We want to implement it OU
by OU or user by user if requested. This is the only method I know of at
this point.

"Joe Richards [MVP]" wrote:

> The mechanism for forcing a user to change password is a password expiration. It
> actually forces a zero into the pwdLastSet attribute. This forces the system to
> require a new password UNLESS the account is set to never expire.
>
> There is almost never a good reason to have an account set to never expire and
> tons of good reasons not to do it. You should probably reconsider your stance on
> having that set. It is usually only laziness that causes it to be set in the
> first place.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Marsha wrote:
> > I have a user's password set to never expire and Active Directory is telling
> > me that because of that, I can't force the user to change their password at
> > next logon. I understand the concept, but can someone verify that in fact if
> > a password never expires you can't force a password change? Is this how AD
> > handles passwords? Must there be a potential expiration date in order to
> > force a user to change their password? Thanks for the help!
>
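
Added example, not part of the original thread: a Python sketch of the interaction the quoted reply describes between pwdLastSet = 0 and the "password never expires" flag (the DONT_EXPIRE_PASSWD bit, 0x10000, in userAccountControl), run over exported attribute values. The account records, the 42-day maximum age and the state names are constructed for illustration, and the model is simplified: it goes beyond the reply by also checking password age, and it ignores smart-card and trust-account flags.

```python
from datetime import datetime, timedelta, timezone

DONT_EXPIRE_PASSWD = 0x10000   # userAccountControl bit: "Password never expires"
NORMAL_ACCOUNT = 0x200         # userAccountControl bit: ordinary user account
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(value):
    """pwdLastSet counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)

def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def password_state(uac, pwd_last_set, now, max_age):
    """Classify one account from its userAccountControl and pwdLastSet."""
    never_expires = bool(uac & DONT_EXPIRE_PASSWD)
    if never_expires and pwd_last_set == 0:
        # The zero is stored, but the never-expire flag overrides it.
        return "change-flag-ignored"
    if never_expires:
        return "never-expires"
    if pwd_last_set == 0:
        return "must-change"
    if now - filetime_to_datetime(pwd_last_set) > max_age:
        return "expired"
    return "valid"

def audit(accounts, now, max_age):
    """Return {sAMAccountName: state} for every exported account record."""
    return {a["sAMAccountName"]: password_state(
                a["userAccountControl"], a["pwdLastSet"], now, max_age)
            for a in accounts}

# Constructed sample data (not taken from any real directory).
NOW = datetime(2005, 1, 10, tzinfo=timezone.utc)
MAX_AGE = timedelta(days=42)   # assumed domain maximum password age

def days_ago(n):
    return datetime_to_filetime(NOW - timedelta(days=n))

SAMPLE = [
    {"sAMAccountName": "alice", "userAccountControl": NORMAL_ACCOUNT, "pwdLastSet": days_ago(10)},
    {"sAMAccountName": "bob", "userAccountControl": NORMAL_ACCOUNT, "pwdLastSet": 0},
    {"sAMAccountName": "carol", "userAccountControl": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD, "pwdLastSet": 0},
    {"sAMAccountName": "dave", "userAccountControl": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD, "pwdLastSet": days_ago(400)},
    {"sAMAccountName": "erin", "userAccountControl": NORMAL_ACCOUNT, "pwdLastSet": days_ago(90)},
]

if __name__ == "__main__":
    for name, state in audit(SAMPLE, NOW, MAX_AGE).items():
        print(f"{name:6} {state}")
```

Accounts reported as never-expires or change-flag-ignored are the ones an audit would list for review, since neither expiration nor a forced change applies to them.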


