prompt user to change password before expiration

Moe · Oct 1, 2003

We have Win2K DC/Active Directory. Users used to be
prompted to change their password before expiration date.
Now all of sudden the system doesn't prompt them any more.
I checked the setting (prompt user to change password
before expiration) It is set to 14 days at the domain and
local level.
Is there any other setting I have to set in order this
option takes effect?
What am I doing wrong?

Any help is appreciated

Steven L Umbach · Oct 1, 2003

Hi Moe. It sounds like you have done it correctly. I would try to change the setting
to maybe 15 days for domain policy and then run secedit /refreshpolicy machine_policy
/enforce on the domain controller. Then reboot a domain computer to see if the
"effective" setting changes to 15 days. Assuming it does, change it back to 14 days
on the domain controller to see if it helps. If nothing helps, run netdiag and dcdiag
on the domain controller and netdiag on one of the domain computers looking for any
failed tests that may be pertinent. Gpresult may help you track down the
roblem. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;321709
http://support.microsoft.com/default.aspx?scid=kb;en-us;250842

crouchie1998 · Oct 2, 2003

Check this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon

PasswordExpiryWarning (DWORD)

Change the number for this. Does it exist? If not, create
it

prompt user to change password before expiration

Moe

Steven L Umbach

crouchie1998