none
Password Policy not applied to a few account

    Question

  • Hi,

    We have Windows 2008 R2. In Default domain Policy, we set the Maximum password age to 180 days, however I noticed the password days is older than 180 days for a few accounts according to the "LastPWSet" AD attribute value. "Password Never Expired" are not checked in those accounts. What could cause the issue? Where should I look at?

    Thanks in advance!


    Grace

    Tuesday, June 12, 2018 4:30 PM

Answers

  • Hi,

    >>I think this account is not in use because its last login time is 11/01/2017, but the report I got by ADManager Plus didn't show the password is expired. 

    So, it's an expected behavior as the last login time is 11/01/2017.

    For the in-active account, I would suggest you disable it and move it to a specific OU.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by graceyin39 Thursday, June 14, 2018 3:06 PM
    Thursday, June 14, 2018 2:08 AM

All replies