Now if you want to set a policy for say 91 days but
everyone's password is over say 150 days, you can either get to 91 days by
starting with a high policy age and slowly decrease it or you can manually
expire people so they have to change and then once they all get changed, set
your policy. To do the latter, check out expire on my website - free win32 tools
of www.joeware.net. It will allow you to
specify userids and minimum passwords ages for expiration. That way you can do
it in some sort of controlled fashion and if someone recently changed their
password (say after you gathered your list of who to change), it won't touch
them unless you set the minimum password age very low.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M.
Sent: Friday, May 14, 2004 11:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] consequences of setting password expiration lengt h
Thanks, Al!
-----Original Message-----
From: Mulnick, Al [mailto:[EMAIL PROTECTED]
Sent: Friday, May 14, 2004 10:29 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] consequences of setting password expiration lengt hDepends on which part of the process you're concerned about. Will the passwords expire at the same time? Not necessarily. They'll all expire at the interval of password expiration based on pwdLastSet. To play that out, if user 1 last set her pwd yesterday, she has until pwd expiration interval from yesterday. If user2 last set his pwd two weeks ago, he'll get the notification pwd expiration - 2 weeks.So, unless all accounts just had their pwd set at the exact same time, then no, they won't all get their pwd notification at the same time. They'll get it when they next meet the criteria. To be more articulate in your admins case, they will all expire at the same time *interval* vs. the same exact moment in time. Not that it matters for most domains, but...Al
From: Thommes, Michael M. [mailto:[EMAIL PROTECTED]
Sent: Friday, May 14, 2004 11:04 AM
To: Active Directory Mailing List (E-mail)
Subject: [ActiveDir] consequences of setting password expiration lengthHi Folks,I apologize for the question since I think it has been battered around in one form or another but I can't seem to find the answer. The question: a related company root admin wants to see a password expiration length time on a W2K domain. He is worried that everyone's password will expire at the same time. Correct or incorrect? TIA!Mike Thommes
