Is there a Group Policy for password expiration?

Question

We've installed a new Domain Controller and at the same time upgraded all workstations to Windows 11. Since doing so we have a problem. When the user's password expires after the 90-day age, they get the usual dialogue saying "Your Password has expired" and asks for Password, New Password and Confirm Password. After entering all that and clicking the arrow beside "Confirm Password", it simply cycles back to the expired password dialog, forever. This happens for all users. The same thing happens if the user is marked 'User must change password at next login' in ADUC. I was told that this behavior is controlled by a Group Policy. If that's true, can you tell me what policy? This was a scratch installation of the AD/DC, so I doubt if any policies were pre-configured. I added several, but nothing to do with password.

Thanks --Mark

Answer 1

Hello，

Thank you for posting in Q&A forum.

Per your description:

1. Can not update the password from client to DC when the password is expiration
2. Can not change password from client to dc when the first logon

By my understanding, the issue is not at password policy. It is client cannot update the password to domain controller. And in your environment, the client can receive the infor from dc to know that their password is expired but cannot update to dc.

So I suggest you can try to using ping to test the connection, update action should using port 135 so you can also using telnet to test, command as below

Ping target IP

Telnet target IP port

Hope the answer is helpful

Best regards

Yanhong Liu

=====================================

If the answer is helpful, please click "Accept answer" and update it