When does password expire when unchecking "Password never expires"

On a Windows Server 2008 R2 AD, if you uncheck the account option "Password never expires" on a User Account, does the password expire instantly, or does it get set to the period defined in the Password Policy?


The expiration date should be inherited from the domain's policy. The last password modification date is being stored in the attribute pwdLastSet

So if you uncheck the box there's a slight chance that this user's password is older then your policy defines. Therefore the password might expire.

But you can check password expiration with

net user username

Edit: I think I just found the solution you are looking for. Just set pwdLastSet to -1 and it will store today's date.

Source with a decent VBS script: https://stackoverflow.com/questions/5556806/change-password-expiration-date-in-active-directory-using-vbs