Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Password history settings in GPO seems not propagated

Status
Not open for further replies.
libroos

libroos

Technical User
Feb 16, 2001
195
SG
Hi,

Recently (two months ago), there's an update to the password expiry in domain policy from 30 days to 60 days. Users are listed directly under the Users folder in the main office.abc.com forest. They should follow the domain policy.

However, there are a lot of users whom reported that they still need to change password every 30 days. I've checked the ADUC, the domain policy and it's 60 days.

How do I go about applying the 60 days password expiry to all users?

Pls advise. Thks.

Rgds,
libroos
 
Sort by date Sort by votes
Thx John. I've used Hyena to view the account info for the reported users and it's true.

I've checked the domain policy, it's 60 days,however end users are still at 30 days.
 
Upvote 0 Downvote
Unless I am mistaken, I believe that the policy won't take effect on those users until AFTER they reset their password. Their expiration dates were already set in AD when you increased the time frame.

Simple enough to verify. Have one suer change their password and check the new expiration date.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Thx Mark.

It's still the same. After tested on one of end-users account, the password expiry is still 30 days, though the GPO, domain policy is still showing 60 days.

I've also run gpupdate.exe on end-user's workstation, but still the same.

I may be testing out on no over-ride policy and put some test users into the OU for testing.

Rgds,
libroos
 
Upvote 0 Downvote
Where did you apply this policy? It only works at the domain level not at an OU.

John
 
Upvote 0 Downvote
Forest. I've checked both domain security policy and the domain policy. It's 60 days, however, end users are still using 30 days.

Strange.

Why is that so?
 
Upvote 0 Downvote
Sounds like the registry is tattooed on a PC. Try manually deleting the policies from the registry on the workstations and then do a gpupdate /force.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
271
technome
technome
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
972
gbaughma
gbaughma
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
473
microsGuy16
microsGuy16
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
521
Aquiles Vidal
Aquiles Vidal
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
905
mangentle
mangentle

Part and Inventory Search

Sponsor

Back
Top