General discussion

Locked

Enable password policy on domain

By certboy21 ·
Hi,

my current AD enviro is does not have a password policy in place. I intend to create a 60-day password GPO and link it to the domain container. But by doing so, all user accounts will face password expiration the next day as they have been using the same password for quite some time.

Is there any way to enable password GPO without having the users's pwd expire the next day? The countdown should start from 0 the moment I link this GPO and not expire the user's password immediately.

I know of AD tools but unsure of which one to use and which particular value to look for to reset. Advice greatly appreciated!

This conversation is currently closed to new comments.

14 total posts (Page 2 of 2)   Prev   01 | 02
Thread display: Collapse - | Expand +

All Comments

Collapse -

by certboy21 In reply to Enable password policy on ...

To : blowtoad : Thanks but in fact I did consider it before. Sad thing is because an external IT audit is coming prob in < 60 days and the mgt wants the policy in place bf the audit. They want it 'painless' for the users too (user-pampering culture). Anyway if there are really no solution I would then persuade mgt to adopt the 2nd option as suggested in the nxt port. Cheers!

To : Synergy : I will persudae the mgt to adopt the 2nd option is there are really no way to 'reset' to a starting point. Cheers!

To : CGIT : Running on Windows 2003. Domain Functional Level is Windows 2003

Collapse -

by certboy21 In reply to Enable password policy on ...

I think I have found the solution to my answer;

Option 1: Apply the policy first. Then by opening up the each/select all user properties in AD Users and Computers, check User must change password at next logon -> Apply -> uncheck User must change password at next logon, their password last set date will be reset to the current date.

Option 2 : Use a vbs script to do Option 1, by changing the pwdlastset value to -1.

Rf : //www.mail-archive.com/activedir@mail.activedir.org/msg09819.html">http://www.mail-archive.com/activedir@mail.activedir.org/msg09819.html

Collapse -

by certboy21 In reply to Enable password policy on ...

This question was closed by the author

Collapse -

by certboy21 In reply to Enable password policy on ...

This question was closed by the author

Back to Windows Forum
14 total posts (Page 2 of 2)   Prev   01 | 02

Related Discussions

Related Forums