+ 0 Votes Policies p.j.hutchison 7 years ago Where did you set the policy? really password policies should only be set in the 'Default Domain Policy' and no where else.You cannot use a different password policies elsewhere, it applies to the whole domain or no where. + 0 Votes refresh policy dma69593 7 years ago Have you used the GPUDATE to refresh the policy once you made changes? + 0 Votes Domain Policy & GPUpdate s.green 7 years ago The password policy is not set in the Default Domain Policy but is set in a policy that is applied at the domain level. I have used gpudate /force and allowed time for the DCs to replicate. Then I have confirmed which DC authenticated the loggon (using NLTest) but the GPMC results don't match the policy displayed on the user and computer tab additional account information that is displayed when altools acctinfo.dll is added. + 0 Votes Domain password date and policy klewis 6 years ago We've seen those add-in tools display incorrect information in regards to the user account's password expiration date. For some reason it does not work reliably in 2003 domains.If you would like to try something that will show you the accurate date and info for all of your user accounts, as well as provide proactive email alerts to users with expiring passwords, visit our site http://www.sysoptools.com and download Password Reminder PRO. It is totally free to use for two months, which should allow you time to use it to help you troubleshoot issues.We also have a completely free tool called AD Query that lets you search user objects and displays all of their configured schema data in an easy to read console- Including friendly conversion of binay date / time tick values that are normally unreadable. + 0 Votes solution s.green 6 years ago Thanks I'll look atthe tool syou mentioned.We have solved the problem we had to set the DC passwords with a local policy. Since then all the issues have gone. GP should over write local policy but in this case they conflicted + 0 Votes Solution- klewis 6 years ago No problem, glad to help.We have some excellent white papers on the lower half of our website support page http://www.sysoptools.com/support.html that discuss how the password policy functions in AD, how to properly set it in the domain's policy hierarchy, and 'best practices' for the expiration policy itself. The white papers are from Microsoft Sr. technical advisors and are very good reads.We also have a whitepaper on how to successfully deploy a password change policy in an existing domain while minimizing impact to users. These resources should be of some help- + 0 Votes refresh policy dma69593 7 years ago Have you used the GPUDATE to refresh the policy once you made changes?