Active Directory password policy: max pw age from unlimited to 30d?

Stanisław Smólski 41 Reputation points
2020-09-30T06:49:58.053+00:00

Hi
I'm about to modify our password policy - currently max pw age is set to unlimited and we need it to be 30 days. What happens to current users and their passwords when i do that? From other threads about changing pw age from 180 to 90 days i got that the 90 days would be counted from users "password last set" value. Is it the same for when the pw age was set to unlimited? If i do the change users passwords will expire immediately?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
3,662 questions
No comments
{count} votes

Accepted answer
  1. Hannah Xiong 6,161 Reputation points
    2020-09-30T07:39:33.89+00:00

    Hello,

    Thank you so much for posting here.

    Currently Maximum password age is set to 0 days, which means that password will not expire. If we set it to be 30 days, many people will have their password expired immediately when the new password age policy is applied. It'll affect anyone who has a password aged 30 days or older. They'll have to change it. Yes, it will be counted from users "pwdLastSet" value.

    29266-111.png

    There is an exception when the user account is set to "Password never expires". The setting in user properties will overwrite the password policy.

    29352-123.png

    Hope the information is helpful. For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    No comments

1 additional answer

Sort by: Most helpful
  1. Stanisław Smólski 41 Reputation points
    2020-09-30T07:47:03.283+00:00

    Thank you, that's all i needed to know :)

    No comments