You can also just mass select the accounts in ADUC, right click properties and hit the checkbox for must change password at next login. That is how I did our migration to more complex passwords. That let me do it a department at a time and control the help desk load.
From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, August 26, 2010 10:35 AM To: NT System Admin Issues Subject: Re: Minimum password length GPO Change the password age. :) That'll take impact rather quickly. ASB (My XeeSM Profile)<http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... Signature powered by <http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email&utm_campaign=footer> WiseStamp<http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=email&utm_campaign=footer> On Thu, Aug 26, 2010 at 9:48 AM, Ben Scott <mailvor...@gmail.com<mailto:mailvor...@gmail.com>> wrote: On Thu, Aug 26, 2010 at 9:42 AM, David Mazzaccaro <david.mazzacc...@hudsonhhc.com<mailto:david.mazzacc...@hudsonhhc.com>> wrote: > If a default domain policy GPO states "min password length is 7" and I > change it to "min password length 8"... what will happen to those users who > are currently using 7 characters? Password policy is enforced when a password is changed, not at logon. So existing passwords which do not meet password policy will continue to work. It would be nice to have an option to re-check passwords at logon and force a change if non-complaint with current policy, but that doesn't exist, AFAIK. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~