Active Directory

Yogesh Kamble 1 Reputation point
2020-09-28T15:57:33.23+00:00

Dear Team,

I have set password expire days as 180 days but user password get expire within 90 days. whenever I run net user xxxx /domian command it showing password will expire in 90 days. Please help me to set password expire days as 180 Days

Server 2016 Standard Edition.

Thanks
Yogesh

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,827 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,967 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Thameur-BOURBITA 32,596 Reputation points
    2020-09-28T21:01:34.353+00:00

    Hi,

    You have to edit the password policy applied on impacted users in order to set the value 180 days for Maximum password age settings.

    To set password policy , you can use GPO default domain policy or Fine Grained Password Policy:

    password-policy-active-directory

    fine-grained-password-policy-best-practices

    Please don't forget to mark this reply as answer if it help you to fix your issue

    0 comments No comments

  2. Fan Fan 15,301 Reputation points Microsoft Vendor
    2020-09-29T01:07:41.52+00:00

    Hi,
    There are 2ways to set the password policy in AD :
    One is to configure it through GPO :Default domain policy
    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-policy
    28904-9291.jpg

    One is the FGPP (only for users and groups):
    https://learn.microsoft.com/en-us/archive/blogs/canitpro/step-by-step-enabling-and-using-fine-grained-password-policies-in-ad
    28974-9292.jpg

    When using “net user samAccountName /domain“, the value returned by “Password expires” doesn’t take in consideration the fine grained policies.
    It only shows the domain password policy.
    28943-9293.jpg

    You can considered the following Powershell command to confirm the password expired date.

    Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
    28885-9294.jpg
    Get-ADUserResultantPasswordPolicy USERNAME
    28991-9295.jpg

    0 comments No comments

  3. Fan Fan 15,301 Reputation points Microsoft Vendor
    2020-10-02T00:49:36.673+00:00

    29771-image.png

    0 comments No comments