Re: Password aging



Just thinking out loud here: I was using the ldp.exe tool and browsing for attributes. What if I change this attribute, "pwdLastSet", for everyone to within 90 days before we turn on the policy? This way, not everyone will expire at the same time. Will there be any side effects of doing this?

Thanks.


"Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxx> wrote in message news:eBt%23cqMJKHA.3632@xxxxxxxxxxxxxxxxxxxxxxx
They won't be notified. I would suggest downloading a program provided by Jorge and running this for expiration notification.

http://blogs.dirteam.com/blogs/jorge/archive/2008/07/20/notifying-users-by-e-mail-their-password-is-going-to-expire.aspx

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.

"Newbie" <newbie@xxxxxxxxxxxxxxxx> wrote in message news:O58m0qLJKHA.1376@xxxxxxxxxxxxxxxxxxxxxxx
Thank you for all the responses. We have many laptop users using VPN. When they first log in to the laptop, they'll use the cached credentials, then they may log in to VPN. If their password is set to expire, will they get a prompt to change the password in the middle of a session? Or will the system set a flag the next time the system is rebooted?

If it's set to change pwd on next reboot, they won't be able to change as the laptop will not be connected to the corporate network at the time. How should this be handled?

Thanks again for your help.


"Paul Bergson [MVP-DS]" <pbbergs@xxxxxxxxxxxxxx> wrote in message news:OIoRkDbIKHA.2516@xxxxxxxxxxxxxxxxxxxxxxx
Depending on how many users you have, you may want to tread lightly. If no one has ever changed their password and they are all over 90 days, you could end up flooding your help desk with phone calls.

Your password change policy will take effect once the password has aged out, and yes, the local never expires will override for your service accounts.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.

"Newbie" <newbie@xxxxxxxxxxxxxxxx> wrote in message news:%23JuBkBaIKHA.1492@xxxxxxxxxxxxxxxxxxxxxxx
We'll be implementing password aging soon. If a user has never changed the AD password for 1 year and I set the maximum age to 90 days, will the password be expired the day the policy is enabled? Or will it be 90 days once the policy is set?

For all service accounts, if I check off "Password never expires", will this override the setting set by domain policy?

Thanks for your input.
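
The rollout question in this thread (who is already aged out on the day a 90-day maximum age is enabled, and how the remaining expirations spread out) can be estimated from exported pwdLastSet and userAccountControl values before the policy is turned on. The following is an added example, not code from any poster in the thread; the account names, the "now" date and the helper names are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UF_NORMAL_ACCOUNT = 0x0200
UF_DONT_EXPIRE_PASSWD = 0x10000  # userAccountControl bit behind "Password never expires"

def filetime_to_dt(ft):
    """pwdLastSet is a FILETIME: 100-nanosecond ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10

def password_status(pwd_last_set, uac, max_age_days, now):
    """Classify one account against a proposed maximum password age."""
    if uac & UF_DONT_EXPIRE_PASSWD:
        return "never-expires", None      # per-account flag wins over the domain policy
    if pwd_last_set == 0:
        return "must-change-at-logon", None
    expires = filetime_to_dt(pwd_last_set) + timedelta(days=max_age_days)
    return ("expired" if expires <= now else "ok"), expires

def rollout_report(accounts, max_age_days, now):
    """Return (accounts expired on day one, {weeks from now: expirations due})."""
    expired, by_week = [], Counter()
    for name, pwd_last_set, uac in accounts:
        state, expires = password_status(pwd_last_set, uac, max_age_days, now)
        if state == "expired":
            expired.append(name)
        elif state == "ok":
            by_week[(expires - now).days // 7] += 1
    return sorted(expired), dict(by_week)

# Constructed sample data: (sAMAccountName, pwdLastSet, userAccountControl)
NOW = datetime(2009, 8, 25, tzinfo=timezone.utc)
def _age(days):
    return dt_to_filetime(NOW - timedelta(days=days))

ACCOUNTS = [
    ("alice", _age(365), UF_NORMAL_ACCOUNT),
    ("bob", _age(100), UF_NORMAL_ACCOUNT),
    ("carol", _age(80), UF_NORMAL_ACCOUNT),
    ("dave", _age(5), UF_NORMAL_ACCOUNT),
    ("erin", 0, UF_NORMAL_ACCOUNT),
    ("svc_backup", _age(400), UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD),
]

if __name__ == "__main__":
    expired_now, due_by_week = rollout_report(ACCOUNTS, 90, NOW)
    print("expired as soon as the policy applies:", expired_now)
    print("expirations due, by week from now:", due_by_week)
```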





