Windows Active Directory - Implement a password policy. What will happen to current passwords?

password windows active-directory windows-server-2003

By default, users will be able to log on fine, and won't be forced to change their passwords straight away. When their password is next due for renewal then they will need to supply a password of the correct complexity at that time.

You can of course set the 'change password at next logon' flag on all accounts now if you want people to change their passwords as soon as possible. Depending on your situation this might be useful though obviously rather disruptive too; if you tell people about the new rules now but some of them don't have to change their passwords for another 60 days then they'll probably have forgotten about the new complexity rules by then.

If you want everyone to have a complex password then make sure that all passwords are set to expire so that they have to change them.


As far as I am aware windows will only check the complexity of the password when it is changed. So your current passwords will still be useable and the policy will only come into effect when users change their password.

Related

What is the order of precedence for RedHat network configuration files?
MySQL "wait_timeout" option won't save
VNC connection via SSH proxy machine
What are the typical methods used to scale up/out email storage servers?
mdadm: Replacing array with entirely new drives
Experience with MooseFS? [closed]
What is the difference between SAN Hard Drives and Normal Hard Drives?
Case sensitive folder names in MAMP
How to disable VGA on new server... reversibly?
yum does not pick the latest package
Windows Server 2008 R2 shut itself down for no apparent reason
How to set up SSH passwordless key authentication for remote access only, allowing local users to use passwords