Password policy

[Guest]

If our current password policy does not have a maximum password age, and some
users have a password of over 90 days, and we implement a password policy
that has a maximum password age of 90 days, do those users have 90 days to
change their passwords, or since their passwords are older than 90 days are
they considered expired as soon as the password policy is put into effect?

thank you,

 

[Dave Shaw [MVP]]

the password policy begins from the time you create the policy.

If you want them to change thier passwords, you can modify the individual
accounts (via MMC or script) to force a password change.

-ds

 

[Guest]

Are you saying if I implement the policy today with a max password age of 90
days, and regardless of how old any of the user's passwords are, those
passwords will only expire in 90 days? I've done some testing in a child
domain, and the opposite seems to apply. I have the max age set to 4 days,
and all users whose password are more than 4 days old are being prompted to
change their password the first time they logged in after the policy was put
into place.