Enforcing a 90 day expiration rule. RRS feed

  • Question

  • We are running a Windows 2008 forest/domain, with around 15000 users.

    My question is: If I set a 90 day expiration rule will users who are already past the 90 day expiration be required to change their password immediately?

    Monday, October 4, 2010 8:03 PM


All replies

  • Yes those over 90 days will have to change their password at the next login.  You may want to send out a broadcast message to give them a warning if you think it will take many of them by surprise but 90 days is a common practice.


    • Marked as answer by pinerop Monday, October 4, 2010 8:57 PM
    Monday, October 4, 2010 8:13 PM
  • If you do need to immediately set the policy (due to some business and/or security requirement), you can first set the account's property to "Password Never Expires".  This way, you can immediately put the policy in place, but then control who you want to expose the 90 day expiration setting by clearing the attribute as needed, maybe even do it alphabetically, or by department, OU, etc.., so its well controlled.


    Visit:, an IT Knowledge Base.
    Monday, October 4, 2010 8:46 PM
  • Thanks Mike.

    Much appreciated.


    ~ Paul
    Monday, October 4, 2010 8:58 PM
  • Thanks, JM.

    I beleive I will use Fine grain password policies to implement this.  it will be a little more work but less hassle for sensitive users.

    Much appreciated.


    ~ Paul
    Monday, October 4, 2010 9:00 PM