AD User Passwords expiring without any notifications?


Did you set the policy for warning them of password expiration? Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Interactive logon: Prompt user to change password before expiration

Here set the number of days (default is 14) before users start getting warnings that their password will expire...

I hope this helps.
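An added example, not part of the original answer or thread: a PowerShell check that reads the warning window this policy sets on the local machine and lists accounts whose passwords expire inside it, so they can be notified even if they never see the logon prompt. It assumes the ActiveDirectory module (RSAT) is installed and that the domain controllers expose the `msDS-UserPasswordExpiryTimeComputed` attribute; the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT)
# and DCs that expose msDS-UserPasswordExpiryTimeComputed.
Import-Module ActiveDirectory

function Get-ExpiryWarningDays {
    # Registry value behind "Interactive logon: Prompt user to change password
    # before expiration" on the machine this runs on.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $item = Get-ItemProperty -Path $key -Name PasswordExpiryWarning -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.PasswordExpiryWarning }
    return $null
}

function Get-ExpiringPasswordUser {
    param([int]$WithinDays = 7)

    $never  = [Int64]::MaxValue      # attribute value meaning "no expiry applies"
    $now    = Get-Date
    $cutoff = $now.AddDays($WithinDays)

    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
               -Properties 'msDS-UserPasswordExpiryTimeComputed' |
        ForEach-Object {
            $raw = $_.'msDS-UserPasswordExpiryTimeComputed'
            # 0 = must change at next logon; MaxValue would overflow FromFileTime
            if ($null -eq $raw -or $raw -eq 0 -or $raw -eq $never) { return }
            $expires = [datetime]::FromFileTime($raw)
            if ($expires -le $cutoff) {
                [pscustomobject]@{
                    SamAccountName = $_.SamAccountName
                    Expires        = $expires
                    DaysLeft       = [math]::Floor(($expires - $now).TotalDays)
                    AlreadyExpired = ($expires -lt $now)
                }
            }
        } | Sort-Object Expires
}

$days = Get-ExpiryWarningDays
if ($null -eq $days) { $days = 7 }   # value absent: use the 7 days shown in the RSoP output on this page
"Logon warning window on this machine: $days days"
Get-ExpiringPasswordUser -WithinDays $days | Format-Table -AutoSize
```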


scooter133
Author by


Updated on September 18, 2022

Comments

  • scooter133
    scooter133 over 1 year

    We set up password Policies in Active Directory to Expire people's passwords after so many days. Well, it looks like the time has come for the Expiration of the Passwords and people are getting locked out...

    There has been no warning of user passwords about to expire. They just come in to work and they cannot log in, the phones no longer connect, nothing. Reset the password and all is good.

    Some of the users are locked out, though most are not, they just cannot log in.

    On setting the password Expiration, I didn't see anything about nor warning the users of the impending expiration. Seems like it used to warn you 15 days or so before it would expire.

    Clients range from: WinXP, WinVista, Win7 and Server 2008R2 Remote Desktop Services.

    How can I make sure my users are warned of the Expiration?

    Resultant Set of Policy for User that was not prompted:

    Account Policies/Password Policy
      Policy                                       Setting                  Winning GPO
      Enforce password history                     10 passwords remembered  Default Domain Policy
      Maximum password age                         270 days                 Default Domain Policy
      Minimum password age                         0 days                   Default Domain Policy
      Minimum password length                      4 characters             Default Domain Policy
      Password must meet complexity requirements   Disabled                 Default Domain Policy
      Store passwords using reversible encryption  Disabled                 Default Domain Policy
    
    Account Policies/Account Lockout Policy
      Policy                               Setting                   Winning GPO
      Account lockout duration             20 minutes                Default Domain Policy
      Account lockout threshold            5 invalid logon attempts  Default Domain Policy
      Reset account lockout counter after  15 minutes                Default Domain Policy
    
    Local Policies/Audit Policy
      Policy                          Setting           Winning GPO
      Audit account logon events      Failure           Default Domain Policy
      Audit account management        Success, Failure  Default Domain Policy
      Audit directory service access  Success, Failure  Default Domain Policy
      Audit logon events              Failure           Default Domain Policy
      Audit policy change             Success, Failure  Default Domain Policy
      Audit privilege use             Failure           Default Domain Policy
    
    Local Policies/Security Options
      Interactive Logon
        Policy                                                               Setting  Winning GPO
        Interactive logon: Prompt user to change password before expiration  7 days   Default Domain Policy
    
    • Zoredache
      Zoredache about 12 years
      What client OS are you using? Like are you using Mac OSX or something? Or recent versions of Windows?
    • scooter133
      scooter133 about 12 years
      I edited the Question to add the Clients, but they are all Windows Clients. The few Macs I'm not worried about. Clients range from: WinXP, WinVista, Win7 and Server 2008R2 Remote Desktop Services.
    • Zapto
      Zapto over 11 years
      Are these users logging out at night? We had the same issues as the users were just locking their PC.
  • Eric Segovia
    Eric Segovia about 12 years
    I believe that the password expiration notice will only display on clients that are Vista and above while offline. XP and previous gave the user the choice "Would you like to change it now?" which does not work if they are not currently connected, so they only show the message when "online." With Vista and later, the "Password will expire in XX days" message is displayed, but the user has to ctrl-alt-delete to change the password, which will not work "offline."
  • scooter133
    scooter133 about 12 years
    I did a resultant Set Of Policy on the User that just complained of no warning. He's Windows 7. Reminder set at 7 Days. Brought his PC to Office, LAN Line Connected and could not log in.