AD 2003 password expiration/complexity question

From: "Jimmy D" <NOSPAM_jjd228@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 31 Jan 2006 12:09:15 -0500

if my domain policy says maximum password age is zero days (passwords never
expire) and i change it to an arbitrary number, say 10, and all accounts are
older than a month or more, will ALL accounts immediately have expired
passwords? in other words does this policy begin counting password age WHEN
YOU ENABLE IT? or is it always counting even when its not enabled?

and second, if "passwords must meet complexity requirements" is not enabled
and all accounts have passwords like "dog" or "cat", when i enable
complexity requirements will all users immediately have to change their
password? how does this behave?

Third, i was told there are differences in what a "complex password" is
between win 2000 and 2003 domains, is this the case?

thank you!

.

Follow-Ups:
- Re: AD 2003 password expiration/complexity question
  - From: Paul Williams [MVP]

Prev by Date: RE: Need help please, upgrading servers/dc next weekend...
Next by Date: EDS and AD
Previous by thread: Need help please, upgrading servers/dc next weekend...
Next by thread: Re: AD 2003 password expiration/complexity question
Index(es):
- Date
- Thread

Relevant Pages

Re: Password Expiration Question
... Password Age policy setting is enabled or not. ... attribute up to the current date for all accounts. ... This gives you some control over which accounts expire when. ...
(microsoft.public.windows.server.security)
Re: Password age
... You didn't change it in the default domain policy. ... The users are logging into local accounts, ... Joe Richards Microsoft MVP Windows Server Directory Services ... > i set in domain security policy the maximum password age to 180 days in ...
(microsoft.public.security)
Re: AD 2003 password expiration/complexity question
... > if my domain policy says maximum password age is zero days (passwords ... expire) and i change it to an arbitrary number, say 10, and all accounts are ... complexity requirements will all users immediately have to change their ...
(microsoft.public.windows.server.active_directory)
Re: AD 2003 password expiration/complexity question
... >> if my domain policy says maximum password age is zero days (passwords ... > expire) and i change it to an arbitrary number, say 10, and all accounts ... > When you enable complex passwords they are enforced the next time you ...
(microsoft.public.windows.server.active_directory)
Re: Logon Message (Password)
... Sounds like there is a maximum password age ... set in either the local or domain policy. ... > Logon Message ... > I have only two accounts, ...
(microsoft.public.windowsxp.security_admin)