Password policy GPO

Dias DT 21 Reputation points

I need to enable GPO password security in order users could change change their password every 120 days.
In GPO I configured :
Max password age 120 days
Minimum password age 1 days
Min owd length 8 charaters
Compexity Enabled
Linked to the group users.

Seems okay everything, but it shows that users must change not after 120 days, but 42 days. Could you help me in this issue?

A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,839 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,987 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Daisy Zhou 19,271 Reputation points Microsoft Vendor

    Hello DiasDT-8403,

    Thank you for posting in our Q&A forum.

    For domain password policy, we must configure domain password policy within the "Default Domain Policy" group policy object, the password policy will take effect.
    If we configure domain password policy in other custom group policy object instead of the "Default Domain Policy", it will not take effect.

    Please check you configured domain password policy within the "Default Domain Policy" group policy object.

    Also, please check whether you configured FGPP in your domain. Because if you have configured FGPP, the FGPP will have a higher priority than domain password policy.

    For more information about FGPP, please read the link below.
    Step-by-Step: Enabling and Using Fine-Grained Password Policies in AD

    Hope the information above is helpful.

    Best Regards,
    Daisy Zhou


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments