updating password age from 30d to 365d - when does the it take affect?

asked 2021-11-16T23:13:52.207+00:00
clay2812 116 Reputation points

hello AD administrators, I got a question for the group.
I'm an IT admin for an organization running W2008 R2 functional level. I'm using fine grained password policy to manage password settings for all users.

I want to change the password age from 90d to 365d. THe question is, after I update the fine grained policy from 90d to 365d. What will be the new date that the user will be required to set their password?

I see two scenarios.

SCenario 1 - will the user account will immediately receive the new password age when i update the fine grained policy and the next required password reset for the user account will be 365d from their password reset? (all user accounts will expire in 365 days depending on their last time they change tehri pwd).

Or

Scenario 2-the user account will receive the new fine grained password policy (with 365 day pwd age setting) but the 90 day age is still in effect for the account. Once the user changes their password, then the next required password change is 365 days. In this scenario, the user will still be required to change their password in 90 days from the last reset, but the 365 days for password age won't be active until after the change the password.

I'm just curious if it will be Scenario 1 or Scenario when I update the fine-grained password policy.
My preference is Scenario 2 - I want the user to change their password one more time (in the 90d time window) before moving to a 365 day pwd age.

Thanks

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
3,598 questions
No comments
{count} votes

Accepted answer
  1. answered 2021-11-16T23:39:39.937+00:00
    Dave Patrick 328.6K Reputation points Microsoft MVP

    It should take effect immediately but note that the new 365d will be from the last password change date for each user.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    No comments

2 additional answers

Sort by: Most helpful
  1. answered 2021-11-17T01:57:09.453+00:00
    Gary Reynolds 8,806 Reputation points

    Hi @MichaelWatson-0778

    Have a look at the post which describes how to display which FGPP has been applied to a user and when the user is next required to reset their password, displayed in the password expires field.

    https://nettools.net/how-to-display-which-fine-grain-password-policy-is-applied/

    Gary.

    No comments

  2. answered 2021-11-17T02:36:43.923+00:00
    clay2812 116 Reputation points

    Thank you for the quick response.