Password Policy

[Guest]

Hello,

I've applied a Password Policy on my domain. I currently have some users
which passwords were set to not expire via the account properties. These
accounts have been used for over a year now. My Policy enforces the complex
passwords policy, and I set the maximum password age at 60 days.

See questions below:

Will the users described above be prompted to change their Password the next
time they logon?

When I apply my Password Policy does that moment in which I apply the policy
start the 60 day counter for the users password or does this count begin at
the time the accounts last password change occured?

 

[Steven L Umbach]

Users that have password never expires in their user accounts will not be
subject to maximum password age policy and not be prompted for a password
change. When you apply a maximum password age policy, the counter takes into
account current password age and those passwords that are already older than
sixty days old, and not have their account configured for password never
expires, will have their password immediately expire and if the user is
already logged on they may have their account locked out or not be able to
access domain resources. a change in password policy, particularly when it
involves the enforcement of password complexity will be a big deal to most
of your users. If possible try to give users plenty of advanced warning and
specific examples of what will and will not work as a new password. ---
Steve