Password policy GPO

Dias DT 21 Reputation points
2022-10-13T05:15:20.163+00:00

I need to enable GPO password security in order users could change change their password every 120 days.
In GPO I configured :
Max password age 120 days
Minimum password age 1 days
Min owd length 8 charaters
Compexity Enabled
Linked to the group users.

Seems okay everything, but it shows that users must change not after 120 days, but 42 days. Could you help me in this issue?

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | User experience | Other
{count} votes

1 answer

Sort by: Most helpful
  1. Anonymous
    2022-10-19T03:22:02.347+00:00

    Hello DiasDT-8403,

    Thank you for posting in our Q&A forum.

    For domain password policy, we must configure domain password policy within the "Default Domain Policy" group policy object, the password policy will take effect.
    If we configure domain password policy in other custom group policy object instead of the "Default Domain Policy", it will not take effect.

    Please check you configured domain password policy within the "Default Domain Policy" group policy object.

    Also, please check whether you configured FGPP in your domain. Because if you have configured FGPP, the FGPP will have a higher priority than domain password policy.

    For more information about FGPP, please read the link below.
    Step-by-Step: Enabling and Using Fine-Grained Password Policies in AD
    https://blogs.technet.microsoft.com/canitpro/2013/05/29/step-by-step-enabling-and-using-fine-grained-password-policies-in-ad/

    Hope the information above is helpful.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.