updating password age from 30d to 365d - when does the it take affect?

clay2812 116 Reputation points
2021-11-16T23:13:52.207+00:00

hello AD administrators, I got a question for the group.
I'm an IT admin for an organization running W2008 R2 functional level. I'm using fine grained password policy to manage password settings for all users.

I want to change the password age from 90d to 365d. THe question is, after I update the fine grained policy from 90d to 365d. What will be the new date that the user will be required to set their password?

I see two scenarios.

SCenario 1 - will the user account will immediately receive the new password age when i update the fine grained policy and the next required password reset for the user account will be 365d from their password reset? (all user accounts will expire in 365 days depending on their last time they change tehri pwd).

Or

Scenario 2-the user account will receive the new fine grained password policy (with 365 day pwd age setting) but the 90 day age is still in effect for the account. Once the user changes their password, then the next required password change is 365 days. In this scenario, the user will still be required to change their password in 90 days from the last reset, but the 365 days for password age won't be active until after the change the password.

I'm just curious if it will be Scenario 1 or Scenario when I update the fine-grained password policy.
My preference is Scenario 2 - I want the user to change their password one more time (in the 90d time window) before moving to a 365 day pwd age.

Thanks

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,888 questions
0 comments No comments
{count} votes

Accepted answer
  1. Anonymous
    2021-11-16T23:39:39.937+00:00

    It should take effect immediately but note that the new 365d will be from the last password change date for each user.

    --please don't forget to upvote and Accept as answer if the reply is helpful--

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Gary Reynolds 9,591 Reputation points
    2021-11-17T01:57:09.453+00:00

    Hi @MichaelWatson-0778

    Have a look at the post which describes how to display which FGPP has been applied to a user and when the user is next required to reset their password, displayed in the password expires field.

    https://nettools.net/how-to-display-which-fine-grain-password-policy-is-applied/

    Gary.

    0 comments No comments

  2. clay2812 116 Reputation points
    2021-11-17T02:36:43.923+00:00

    Thank you for the quick response.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.