General discussion


Password age

By rrockwell ·
In AD if the max age policy is "not defined", is the password age counter running? So if I change the max age setting to 45 days, will it force passwords older than that to change immediatly or will it take 45 days to take affect?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by hitchcock4 In reply to Password age

I believe that the counter "is running". Any passwords older than 45 days would not be forced to be changed, but might already be expired.

Go to the following page
and download the utility called "Password age"

Collapse -

by curlergirl In reply to Password age

No, it is not running. Once you set the parameter, then it starts aging your passwords. If you want to force people to change their passwords at the same time that you set the age parameter, then you have to set it in their user ID properties to require them to "change password at next logon". Hope this helps!

Collapse -

by Joseph Moore In reply to Password age

synergy/dlo is right!
When the password expiration is not enabled, then passwords do age (you can use a tool like Dameware NT Utilities to see just how old the passwords are) but they, of course, do not expire.
Once you enable password expiration, those original unexpired passwords are STILL valid and are immune to the password expiration setting! So, if you turn on the 45 day expiration on Monday, and then expect you users to have new passwords on Tuesday, then just keep waiting! The users will NOT get a "your password has expired" message. The password expiration will only take effect on NEW passwords made AFTER the password expiration has gone into effect.
So, the steps to make this work are to a) turn on the 45 day -- or however many days you want -- password expiration, then b) enable the "user must change password on next logon" option.
Then the users, on the next time they log in, will be prompted to change their password. They change it, and then that password, and all subsequent passwords, will fall under the password expiration setting.

hope this helps

Related Discussions

Related Forums