In the past, I have simply enabled 'user must change password at next logon' as part of the user creation process.
The user will then be *forced* to change his/her password at next (i.e. first) logon and cannot continue to work until that pw change has been actioned. Thanks, Neil PS I am assuming that you did *not* set the above flag when creating users. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 05 October 2004 04:12 Subject: [ActiveDir Digest] --------------------------------------------------------- Subject: [ActiveDir] Minimum Password Age Date: Mon, 4 Oct 2004 08:54:27 -0600 From: "Travis Riddle" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Our password policy is set up as follows: Minimum 8 characters Remember 6 passwords Maximium Password Age 90 days Minimum Password Age 15 days Require Complex passwords Windows 2003 3 Sites GC at each site So we just created approximatly 50 new users and assigned them a semi-generic passowrd that they need to change upon login. The problem is they cannot change their password upon login because it hasn't been 15 days since the password was created (I assume). Is this by design? If so how do you get around it? How am I suppose to create new users in the future if this is the case (besides creating them 15 days in advance) My first guess at a solution to this problem is to change the minimum password age to 0, allowing users to change their password immediately. I tried this and forced a refresh on the machine policy with no luck. Does anyone have any ideas of what to do? I now have 50 users that were suppose to be able to be working today not able to log in unless we change their password to NOT change upon login (so they all have the same easy to use password). Am I missing something simple? Any idea's are appreciated. Thanks, Travis --------------------------------------------------------- Subject: RE: [ActiveDir] Minimum Password Age Date: Mon, 4 Oct 2004 11:33:01 -0400 From: "Rick Boza" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] This is a multi-part message in MIME format. ------_=_NextPart_001_01C4AA27.CA1C8B32 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Nope, it shouldn't work like that. I just tested it in fact with your = settings and the result I get is what I expected - they are prompted = with a message that "they are required to change their password at first = login." The password change then works fine. =20 What error are they getting? Any events on the DCs? ________________________________ From: [EMAIL PROTECTED] on behalf of Travis Riddle Sent: Mon 10/4/2004 10:54 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Minimum Password Age Our password policy is set up as follows: Minimum 8 characters Remember 6 passwords Maximium Password Age 90 days Minimum Password Age 15 days Require Complex passwords Windows 2003 3 Sites GC at each site So we just created approximatly 50 new users and assigned them a semi-generic passowrd that they need to change upon login. The problem is they cannot change their password upon login because it hasn't been 15 days since the password was created (I assume). Is this by design? If so how do you get around it? How am I suppose to create new users in the future if this is the case (besides creating them 15 days in advance) My first guess at a solution to this problem is to change the minimum password age to 0, allowing users to change their password immediately. I tried this and forced a refresh on the machine policy with no luck. Does anyone have any ideas of what to do? I now have 50 users that were suppose to be able to be working today not able to log in unless we change their password to NOT change upon login (so they all have the same easy to use password). Am I missing something simple? Any idea's are appreciated. Thanks, Travis List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: = http://www.mail-archive.com/activedir%40mail.activedir.org/ ============================================================================== This message is for the sole use of the intended recipient. If you received this message in error please delete it and notify us. If this message was misdirected, CSFB does not waive any confidentiality or privilege. CSFB retains and monitors electronic communications sent through its network. Instructions transmitted over this system are not binding on CSFB until they are confirmed by us. Message transmission is not guaranteed to be secure. ============================================================================== List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/