I know jack about active directory (don't even work with it), but I have noticed some behavior that I hope to have fixed by the people who run it for our organization.

We have a few accounts where the password is expiring 6 months to the day after account creation or 6 months after the password is reset. At one time, I think they were toying with forcing users to change their passwords every 6 months, but they they stopped doing that. and i think that policy might be in effect for certain accounts, but those accounts never receive any popups or any messages alerting them to change their password. they just get locked out every 6 months.

Any ideas on what the problem is, and where in active directory would one fix this on the problem accounts?

4/23/2007 1:53:05 PM

What kinda stupid question is that. This is why peopel need ot hire qualified peopel to do jobs, i mean I BET GOOGLE KNOWS! BUT IF you cant figure out this then you rpobalby dont know how to work a search engine.


So just try Acitve Directory Users and Computers, Then you konw check under the users account and see if the password expires is set.

And while your at it go into grop policy managment and see if some account policy is assinged to them or they are a member of a gorup with read permissions to a grop policy forcing the passdowrd reset.

4/23/2007 3:33:42 PM

download group policy management console from microsoft.

Run a report on a user who is getting expired and run a report on someone not getting expired. Compare results.

Also check to see what password policies you have set for the entire domain.

4/23/2007 3:38:13 PM

Quote :

"This is why peopel need ot hire qualified peopel to do jobs"

Typists, for example.

4/23/2007 3:49:30 PM

i tried logging in under a couple of the accounts, and running gpresult but that didn't yield anything interesting.

like i mentioned in my first post, my job doesn't have anything to do with active directory, i just want to be able to tell the people in charge of it what to check. i can assure you theyve checked that "password expiring" checkbox and its clear.

the group stuff is helpful, might mention that (after comparing gpresult output for one bad account and one good)

4/23/2007 3:55:53 PM

See if the accoutns with the expirign passwords are members of a certain group or OU.

^^ Yea thats right, I should spent my damned time makign sure every letter is right when you know DAMNED well what i mean.

He got the message he understood it, why the hell do you care if my typing sucks ass. I didtn ask

I DIDTN POST A THRead saying HOW CAN I SPELL AND TYPE RIGHT

[Edited on April 23, 2007 at 3:58 PM. Reason : dd]

4/23/2007 3:56:38 PM

haha wlfpk4evr is the worst user evr!!1

4/23/2007 4:09:07 PM

^ up your arse with broken glass you fool

im at least offering advice to this poor excuste of an admin, the only thing you have done in is throw your 2 worthless cents on my post, whichs makes you alot worse then me.

[Edited on April 23, 2007 at 4:15 PM. Reason : Go away]

4/23/2007 4:14:28 PM

paging BobbyDigital, paging BobbyDigital

4/23/2007 6:09:20 PM

Quote :

"im at least offering advice to this poor excuste of an admin"

where does he say that he is the admin?

4/23/2007 6:51:54 PM

STFU AND GTFO WLFPK4EVR

4/23/2007 9:10:59 PM

as said - check group policy settings and go from there - you will likely find that someone who didn't know what they were doing with group policy fucked something up... or perhaps did something and then left the company without documenting/telling anyone and now their settings are causing issues because it is overriding something on those older accounts - who knows just start digging

4/23/2007 10:18:16 PM

It's in group policy under:

Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy:

Maximum password age

4/23/2007 11:25:05 PM

Quote :

"who knows just start digging "

yeah problem is i don't own a shovel...if i did i'm pretty confident i could solve it. i just want to be able to tell the people who have them where to dig.

thanks for the info guys, i think i have enough to work with.

4/24/2007 12:59:21 AM

yeah, this is most definitely a group policy problem. maybe the users are in a container that has a different policy assigned to it. if the individual user's properties aren't set to have the password expire, that's the only other place you can do it.

4/24/2007 4:45:32 AM