Re: Domain account policy

From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
Date: Fri, 20 Jul 2007 03:53:38 +0100

Hi
Assuming the change for password expiration to 90 days:
Anyone who last changed their password 90 or more days ago will be expired
when you implement the policy. If you have not expired passwords in the
past, this could expire most users.
The password expiration is calculated by comparing the policy to the
pwdLastSet attribute and checking the current time and date at the point of
authentication.
- password last changed date + maximum password age.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services
"Nerd" <Nerd@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5D496763-E78C-4CB6-8722-9DEB001A8A50@xxxxxxxxxxxxxxxx

We are preparing to implement a domain account/lockout policy in our
Windows2003 sigle domin. How does the policy take effect, such as password
length, complexity, age etc. Will the policy take effect right away and
ask
all users to make the changes next time they login or do I have to force
password change for several users each time so the policy starts enforcing
at
different times

Prev by Date: Re: DNS Zone Transfers
Next by Date: [Help] How to change the IPaddress for production ADC
Previous by thread: Re: DNS Zone Transfers
Next by thread: Re: Domain account policy
Index(es):
- Date
- Thread

Relevant Pages

Re: Password never expires-cant force user to change password
... Password policy on the domain for domain users is all or nothing. ... You want to implement a new password expiration policy. ... > Expire your departments manually. ... I'm just not a very good script writer and am not very confident. ...
(microsoft.public.windows.server.active_directory)
Re: Active Directory Expiration Notification
... a map of all attributes that can be set via the policy files agaiinst the ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... message to the user that their password is about to expire. ... Password expiration is determined by the domain password expiration ...
(microsoft.public.windows.server.active_directory)
Re: Default Domain Policy - Password Policy
... And you probably want to set them all to change password at next logon BEFORE you expire all the passwords by changing the max age. ... I will change the Maximum Password Age = 365. ... last set for each user account. ... is there a domain-wide policy setting to expire all ...
(microsoft.public.windows.server.active_directory)
Re: Password Policy Enforcement Question
... time they try to change their Password (regarding to complexity option). ... For example if you change the password expiration to 60 days, ... implement the policy. ... could expire most users. ...
(microsoft.public.windows.server.active_directory)
Re: Password never expires-cant force user to change password
... Password policy on the domain for domain users is all or nothing. ... You want to implement a new password expiration policy. ... > Expire your departments manually. ...
(microsoft.public.windows.server.active_directory)