Active Directory

asked 2020-09-28T15:57:33.23+00:00
Yogesh Kamble 1 Reputation point

Dear Team,

I have set the password expiry to 180 days, but user passwords expire within 90 days. Whenever I run the net user xxxx /domain command, it shows that the password will expire in 90 days. Please help me set the password expiry to 180 days.

Server 2016 Standard Edition.

Thanks
Yogesh


3 answers

  1. answered 2020-09-28T21:01:34.353+00:00
    BOURBITA Thameur 10,996 Reputation points Microsoft MVP

    Hi,

    You have to edit the password policy applied to the impacted users in order to set the value 180 days for the Maximum password age setting.

    To set the password policy, you can use the GPO Default Domain Policy or a Fine-Grained Password Policy:

    password-policy-active-directory

    fine-grained-password-policy-best-practices

    Please don't forget to mark this reply as the answer if it helps you fix your issue.

    No comments

  2. answered 2020-09-29T01:07:41.52+00:00
    Fan Fan 15,041 Reputation points

    Hi,
    There are 2 ways to set the password policy in AD:
    One is to configure it through GPO: Default Domain Policy
    https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-policy

    One is the FGPP (only for users and groups):
    https://learn.microsoft.com/en-us/archive/blogs/canitpro/step-by-step-enabling-and-using-fine-grained-password-policies-in-ad

    When using "net user samAccountName /domain", the value returned by "Password expires" doesn't take the fine-grained policies into consideration.
    It only shows the domain password policy.

    You can consider the following PowerShell commands to confirm the password expiry date.

    # List enabled accounts whose passwords can expire, with the computed expiry date
    Get-ADUser -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "DisplayName",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

    # Show the fine-grained password policy that applies to one user (replace USERNAME)
    Get-ADUserResultantPasswordPolicy USERNAME

    No comments
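
A per-user check that puts the domain policy value (what net user reports) next to the policy that actually applies to the account, as an added example that is not part of the answers above. It assumes the ActiveDirectory RSAT module and read access to the domain; the function name Get-EffectivePasswordExpiry and the account 'jdoe' are hypothetical.

```powershell
# Added example: requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-EffectivePasswordExpiry {
    param(
        [Parameter(Mandatory)]
        [string]$Identity   # samAccountName, DN, SID or GUID of the user
    )

    $user = Get-ADUser -Identity $Identity -Properties PasswordLastSet,
        PasswordNeverExpires, 'msDS-UserPasswordExpiryTimeComputed'

    # Domain-wide policy: this is the value "net user /domain" is based on.
    $domainPolicy = Get-ADDefaultDomainPasswordPolicy

    # Returns nothing when no fine-grained policy (PSO) applies to the user.
    $fgpp = Get-ADUserResultantPasswordPolicy -Identity $user

    if ($fgpp) {
        $source = "FGPP: $($fgpp.Name)"
        $maxAge = $fgpp.MaxPasswordAge
    } else {
        $source = 'Default domain password policy'
        $maxAge = $domainPolicy.MaxPasswordAge
    }

    # The computed attribute is a FILETIME. 0 means pwdLastSet is 0 (password
    # must be changed at next logon); Int64.MaxValue means it never expires.
    $raw = [int64]$user.'msDS-UserPasswordExpiryTimeComputed'
    $expiry = switch ($raw) {
        0                   { 'Must change at next logon' }
        ([int64]::MaxValue) { 'Never' }
        default             { [datetime]::FromFileTime($raw) }
    }

    [pscustomobject]@{
        User                = $user.SamAccountName
        PolicySource        = $source
        EffectiveMaxAgeDays = $maxAge.Days              # 0 = passwords never expire
        DomainMaxAgeDays    = $domainPolicy.MaxPasswordAge.Days
        PasswordLastSet     = $user.PasswordLastSet
        PasswordExpires     = $expiry
    }
}

Get-EffectivePasswordExpiry -Identity 'jdoe'   # 'jdoe' is a placeholder account name
```

If EffectiveMaxAgeDays and DomainMaxAgeDays differ, a fine-grained policy is overriding the domain value for that account.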

  3. answered 2020-10-02T00:49:36.673+00:00
    Fan Fan 15,041 Reputation points

    29771-image.png

    No comments