Active Directory password policy: max pw age from unlimited to 30d?

Stanisław Smólski 41 Reputation points

I'm about to modify our password policy - currently max pw age is set to unlimited and we need it to be 30 days. What happens to current users and their passwords when i do that? From other threads about changing pw age from 180 to 90 days i got that the 90 days would be counted from users "password last set" value. Is it the same for when the pw age was set to unlimited? If i do the change users passwords will expire immediately?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,091 questions
0 comments No comments
{count} votes

Accepted answer
  1. Hannah Xiong 6,241 Reputation points


    Thank you so much for posting here.

    Currently Maximum password age is set to 0 days, which means that password will not expire. If we set it to be 30 days, many people will have their password expired immediately when the new password age policy is applied. It'll affect anyone who has a password aged 30 days or older. They'll have to change it. Yes, it will be counted from users "pwdLastSet" value.


    There is an exception when the user account is set to "Password never expires". The setting in user properties will overwrite the password policy.


    Hope the information is helpful. For any question, please feel free to contact us.

    Best regards,
    Hannah Xiong


    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Stanisław Smólski 41 Reputation points

    Thank you, that's all i needed to know :)

    0 comments No comments