Re: AD 2003 password expiration/complexity question
- From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
- Date: Tue, 31 Jan 2006 17:57:04 -0000
> if my domain policy says maximum password age is zero days (passwords
> never
expire) and i change it to an arbitrary number, say 10, and all accounts are
older than a month or more, will ALL accounts immediately have expired
passwords? in other words does this policy begin counting password age WHEN
YOU ENABLE IT? or is it always counting even when its not enabled?
The next time the users logon they will be prompted to change their password
because it has expired. The calculation is done on the fly at logon. It is
not counted and stored.
> and second, if "passwords must meet complexity requirements" is not
> enabled
and all accounts have passwords like "dog" or "cat", when i enable
complexity requirements will all users immediately have to change their
password? how does this behave?
When you enable complex passwords they are enforced the next time you change
your password. You can continue to use the non-complex one until that time.
> Third, i was told there are differences in what a "complex password" is
> between win 2000 and 2003 domains, is this the case?
Not that I'm aware of. Although in 2003 this is on by default, whereas in
2k I don't believe it was.
--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net
.
- Follow-Ups:
- Re: AD 2003 password expiration/complexity question
- From: Jimmy D
- Re: AD 2003 password expiration/complexity question
- References:
- AD 2003 password expiration/complexity question
- From: Jimmy D
- AD 2003 password expiration/complexity question
- Prev by Date: Re: EDS and AD
- Next by Date: Re: Intranet Authentication for a webapp
- Previous by thread: AD 2003 password expiration/complexity question
- Next by thread: Re: AD 2003 password expiration/complexity question
- Index(es):
Relevant Pages
|
