AD User Passwords expiring without any notifications?
Posted
by
scooter133
on Server Fault
See other posts from Server Fault
or by scooter133
Published on 2012-04-18T18:15:06Z
Indexed on
2013/06/24
16:25 UTC
Read the original article
Hit count: 384
active-directory
|windows-server-2008-r2
|password
|windows-authentication
|password-management
We setup password Policies in Active Directory to Expire peoples passwords after so many days. Well it looks like the time has come for the Expiration of the Passwords and people are getting locked out...
There has been no warning of user passwords about to expire. They just come in to work and they cannot log in, the phones no longer connect, nothing. Reset the password and all is good.
Some of the users are locked out, though most are not, they just cannot log in.
On setting the password Expiration, I didn't see anything about nor warning the users of the impending expiration. Seems like it used to warn you 15 days or so before it would expire.
Clients range from: WinXP, WinVista, Win7 and Server 2008R2 Remote Desktop Services.
How can I make sure my users are warned of the Expiration?
Resultant Set of Policy for User that was not prompted:
Account Policies/Password Policy
Policy Setting Winning GPO
Enforce password history 10 passwords remembered Default Domain Policy
Maximum password age 270 days Default Domain Policy
Minimum password age 0 days Default Domain Policy
Minimum password length 4 characters Default Domain Policy
Password must meet complexity requirements Disabled Default Domain Policy
Store passwords using reversible encryption Disabled Default Domain Policy
Account Policies/Account Lockout Policy
Policy Setting Winning GPO
Account lockout duration 20 minutes Default Domain Policy
Account lockout threshold 5 invalid logon attempts Default Domain Policy
Reset account lockout counter after 15 minutes Default Domain Policy
Local Policies/Audit Policy
Policy Setting Winning GPO
Audit account logon events Failure Default Domain Policy
Audit account management Success, Failure Default Domain Policy
Audit directory service access Success, Failure Default Domain Policy
Audit logon events Failure Default Domain Policy
Audit policy change Success, Failure Default Domain Policy
Audit privilege use Failure Default Domain Policy
Local Policies/Security Options
Interactive Logon
Policy Setting Winning GPO
Interactive logon: Prompt user to change password before expiration 7 days Default Domain Policy
© Server Fault or respective owner